1 /* 2 * Copyright (c) 2004, 2005 The DragonFly Project. All rights reserved. 3 * 4 * This code is derived from software contributed to The DragonFly Project 5 * by Jeffrey M. Hsu. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of The DragonFly Project nor the names of its 16 * contributors may be used to endorse or promote products derived 17 * from this software without specific, prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 22 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 23 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 24 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 25 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 27 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 29 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1988, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. All advertising materials mentioning features or use of this software 46 * must display the following acknowledgement: 47 * This product includes software developed by the University of 48 * California, Berkeley and its contributors. 49 * 4. Neither the name of the University nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 63 * SUCH DAMAGE. 64 * 65 * @(#)if_ether.c 8.1 (Berkeley) 6/10/93 66 * $FreeBSD: src/sys/netinet/if_ether.c,v 1.64.2.23 2003/04/11 07:23:15 fjoe Exp $ 67 * $DragonFly: src/sys/netinet/if_ether.c,v 1.53 2008/09/27 11:29:47 sephe Exp $ 68 */ 69 70 /* 71 * Ethernet address resolution protocol. 72 * TODO: 73 * add "inuse/lock" bit (or ref. count) along with valid bit 74 */ 75 76 #include "opt_inet.h" 77 #include "opt_carp.h" 78 79 #include <sys/param.h> 80 #include <sys/kernel.h> 81 #include <sys/queue.h> 82 #include <sys/sysctl.h> 83 #include <sys/systm.h> 84 #include <sys/mbuf.h> 85 #include <sys/malloc.h> 86 #include <sys/socket.h> 87 #include <sys/syslog.h> 88 89 #include <net/if.h> 90 #include <net/if_dl.h> 91 #include <net/if_types.h> 92 #include <net/route.h> 93 #include <net/netisr.h> 94 #include <net/if_llc.h> 95 96 #include <netinet/in.h> 97 #include <netinet/in_var.h> 98 #include <netinet/if_ether.h> 99 100 #include <sys/thread2.h> 101 #include <sys/msgport2.h> 102 #include <net/netmsg2.h> 103 104 #ifdef CARP 105 #include <netinet/ip_carp.h> 106 #endif 107 108 #define SIN(s) ((struct sockaddr_in *)s) 109 #define SDL(s) ((struct sockaddr_dl *)s) 110 111 SYSCTL_DECL(_net_link_ether); 112 SYSCTL_NODE(_net_link_ether, PF_INET, inet, CTLFLAG_RW, 0, ""); 113 114 /* timer values */ 115 static int arpt_prune = (5*60*1); /* walk list every 5 minutes */ 116 static int arpt_keep = (20*60); /* once resolved, good for 20 more minutes */ 117 static int arpt_down = 20; /* once declared down, don't send for 20 sec */ 118 119 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, prune_intvl, CTLFLAG_RW, 120 &arpt_prune, 0, ""); 121 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_RW, 122 &arpt_keep, 0, ""); 123 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, host_down_time, CTLFLAG_RW, 124 &arpt_down, 0, ""); 125 126 #define rt_expire rt_rmx.rmx_expire 127 128 struct llinfo_arp { 129 LIST_ENTRY(llinfo_arp) la_le; 130 struct rtentry *la_rt; 131 struct mbuf *la_hold; /* last packet until resolved/timeout */ 132 u_short la_preempt; /* countdown for pre-expiry arps */ 133 u_short la_asked; /* #times we QUERIED following expiration */ 134 }; 135 136 static LIST_HEAD(, llinfo_arp) llinfo_arp_list[MAXCPU]; 137 138 static int arp_maxtries = 5; 139 static int useloopback = 1; /* use loopback interface for local traffic */ 140 static int arp_proxyall = 0; 141 142 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_RW, 143 &arp_maxtries, 0, ""); 144 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, useloopback, CTLFLAG_RW, 145 &useloopback, 0, ""); 146 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, proxyall, CTLFLAG_RW, 147 &arp_proxyall, 0, ""); 148 149 static void arp_rtrequest(int, struct rtentry *, struct rt_addrinfo *); 150 static void arprequest(struct ifnet *, struct in_addr *, struct in_addr *, 151 u_char *); 152 static void arpintr(struct netmsg *); 153 static void arptfree(struct llinfo_arp *); 154 static void arptimer(void *); 155 static struct llinfo_arp * 156 arplookup(in_addr_t, boolean_t, boolean_t); 157 #ifdef INET 158 static void in_arpinput(struct mbuf *); 159 #endif 160 161 static struct callout arptimer_ch[MAXCPU]; 162 163 /* 164 * Timeout routine. Age arp_tab entries periodically. 165 */ 166 /* ARGSUSED */ 167 static void 168 arptimer(void *ignored_arg) 169 { 170 struct llinfo_arp *la, *nla; 171 172 crit_enter(); 173 LIST_FOREACH_MUTABLE(la, &llinfo_arp_list[mycpuid], la_le, nla) { 174 if (la->la_rt->rt_expire && la->la_rt->rt_expire <= time_second) 175 arptfree(la); 176 } 177 callout_reset(&arptimer_ch[mycpuid], arpt_prune * hz, arptimer, NULL); 178 crit_exit(); 179 } 180 181 /* 182 * Parallel to llc_rtrequest. 183 */ 184 static void 185 arp_rtrequest(int req, struct rtentry *rt, struct rt_addrinfo *info) 186 { 187 struct sockaddr *gate = rt->rt_gateway; 188 struct llinfo_arp *la = rt->rt_llinfo; 189 190 struct sockaddr_dl null_sdl = { sizeof null_sdl, AF_LINK }; 191 static boolean_t arpinit_done[MAXCPU]; 192 193 if (!arpinit_done[mycpuid]) { 194 arpinit_done[mycpuid] = TRUE; 195 callout_init(&arptimer_ch[mycpuid]); 196 callout_reset(&arptimer_ch[mycpuid], hz, arptimer, NULL); 197 } 198 if (rt->rt_flags & RTF_GATEWAY) 199 return; 200 201 switch (req) { 202 case RTM_ADD: 203 /* 204 * XXX: If this is a manually added route to interface 205 * such as older version of routed or gated might provide, 206 * restore cloning bit. 207 */ 208 if (!(rt->rt_flags & RTF_HOST) && 209 SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff) 210 rt->rt_flags |= RTF_CLONING; 211 if (rt->rt_flags & RTF_CLONING) { 212 /* 213 * Case 1: This route should come from a route to iface. 214 */ 215 rt_setgate(rt, rt_key(rt), 216 (struct sockaddr *)&null_sdl); 217 gate = rt->rt_gateway; 218 SDL(gate)->sdl_type = rt->rt_ifp->if_type; 219 SDL(gate)->sdl_index = rt->rt_ifp->if_index; 220 rt->rt_expire = time_second; 221 break; 222 } 223 /* Announce a new entry if requested. */ 224 if (rt->rt_flags & RTF_ANNOUNCE) { 225 arprequest(rt->rt_ifp, 226 &SIN(rt_key(rt))->sin_addr, 227 &SIN(rt_key(rt))->sin_addr, 228 LLADDR(SDL(gate))); 229 } 230 /*FALLTHROUGH*/ 231 case RTM_RESOLVE: 232 if (gate->sa_family != AF_LINK || 233 gate->sa_len < sizeof(struct sockaddr_dl)) { 234 log(LOG_DEBUG, "arp_rtrequest: bad gateway value\n"); 235 break; 236 } 237 SDL(gate)->sdl_type = rt->rt_ifp->if_type; 238 SDL(gate)->sdl_index = rt->rt_ifp->if_index; 239 if (la != NULL) 240 break; /* This happens on a route change */ 241 /* 242 * Case 2: This route may come from cloning, or a manual route 243 * add with a LL address. 244 */ 245 R_Malloc(la, struct llinfo_arp *, sizeof *la); 246 rt->rt_llinfo = la; 247 if (la == NULL) { 248 log(LOG_DEBUG, "arp_rtrequest: malloc failed\n"); 249 break; 250 } 251 bzero(la, sizeof *la); 252 la->la_rt = rt; 253 rt->rt_flags |= RTF_LLINFO; 254 LIST_INSERT_HEAD(&llinfo_arp_list[mycpuid], la, la_le); 255 256 #ifdef INET 257 /* 258 * This keeps the multicast addresses from showing up 259 * in `arp -a' listings as unresolved. It's not actually 260 * functional. Then the same for broadcast. 261 */ 262 if (IN_MULTICAST(ntohl(SIN(rt_key(rt))->sin_addr.s_addr))) { 263 ETHER_MAP_IP_MULTICAST(&SIN(rt_key(rt))->sin_addr, 264 LLADDR(SDL(gate))); 265 SDL(gate)->sdl_alen = 6; 266 rt->rt_expire = 0; 267 } 268 if (in_broadcast(SIN(rt_key(rt))->sin_addr, rt->rt_ifp)) { 269 memcpy(LLADDR(SDL(gate)), rt->rt_ifp->if_broadcastaddr, 270 rt->rt_ifp->if_addrlen); 271 SDL(gate)->sdl_alen = rt->rt_ifp->if_addrlen; 272 rt->rt_expire = 0; 273 } 274 #endif 275 276 if (SIN(rt_key(rt))->sin_addr.s_addr == 277 (IA_SIN(rt->rt_ifa))->sin_addr.s_addr) { 278 /* 279 * This test used to be 280 * if (loif.if_flags & IFF_UP) 281 * It allowed local traffic to be forced 282 * through the hardware by configuring the 283 * loopback down. However, it causes problems 284 * during network configuration for boards 285 * that can't receive packets they send. It 286 * is now necessary to clear "useloopback" and 287 * remove the route to force traffic out to 288 * the hardware. 289 */ 290 rt->rt_expire = 0; 291 bcopy(IF_LLADDR(rt->rt_ifp), LLADDR(SDL(gate)), 292 SDL(gate)->sdl_alen = rt->rt_ifp->if_addrlen); 293 if (useloopback) 294 rt->rt_ifp = loif; 295 } 296 break; 297 298 case RTM_DELETE: 299 if (la == NULL) 300 break; 301 LIST_REMOVE(la, la_le); 302 rt->rt_llinfo = NULL; 303 rt->rt_flags &= ~RTF_LLINFO; 304 if (la->la_hold != NULL) 305 m_freem(la->la_hold); 306 Free(la); 307 break; 308 } 309 } 310 311 /* 312 * Broadcast an ARP request. Caller specifies: 313 * - arp header source ip address 314 * - arp header target ip address 315 * - arp header source ethernet address 316 */ 317 static void 318 arprequest(struct ifnet *ifp, struct in_addr *sip, struct in_addr *tip, 319 u_char *enaddr) 320 { 321 struct mbuf *m; 322 struct ether_header *eh; 323 struct arphdr *ah; 324 struct sockaddr sa; 325 u_short ar_hrd; 326 327 if ((m = m_gethdr(MB_DONTWAIT, MT_DATA)) == NULL) 328 return; 329 m->m_pkthdr.rcvif = (struct ifnet *)NULL; 330 331 switch (ifp->if_type) { 332 case IFT_ETHER: 333 /* 334 * This may not be correct for types not explicitly 335 * listed, but this is our best guess 336 */ 337 default: 338 ar_hrd = htons(ARPHRD_ETHER); 339 340 m->m_len = arphdr_len2(ifp->if_addrlen, sizeof(struct in_addr)); 341 m->m_pkthdr.len = m->m_len; 342 MH_ALIGN(m, m->m_len); 343 344 eh = (struct ether_header *)sa.sa_data; 345 /* if_output() will not swap */ 346 eh->ether_type = htons(ETHERTYPE_ARP); 347 memcpy(eh->ether_dhost, ifp->if_broadcastaddr, ifp->if_addrlen); 348 349 ah = mtod(m, struct arphdr *); 350 break; 351 } 352 353 ah->ar_hrd = ar_hrd; 354 ah->ar_pro = htons(ETHERTYPE_IP); 355 ah->ar_hln = ifp->if_addrlen; /* hardware address length */ 356 ah->ar_pln = sizeof(struct in_addr); /* protocol address length */ 357 ah->ar_op = htons(ARPOP_REQUEST); 358 memcpy(ar_sha(ah), enaddr, ah->ar_hln); 359 memset(ar_tha(ah), 0, ah->ar_hln); 360 memcpy(ar_spa(ah), sip, ah->ar_pln); 361 memcpy(ar_tpa(ah), tip, ah->ar_pln); 362 363 sa.sa_family = AF_UNSPEC; 364 sa.sa_len = sizeof sa; 365 ifp->if_output(ifp, m, &sa, NULL); 366 } 367 368 /* 369 * Resolve an IP address into an ethernet address. If success, 370 * desten is filled in. If there is no entry in arptab, 371 * set one up and broadcast a request for the IP address. 372 * Hold onto this mbuf and resend it once the address 373 * is finally resolved. A return value of 1 indicates 374 * that desten has been filled in and the packet should be sent 375 * normally; a 0 return indicates that the packet has been 376 * taken over here, either now or for later transmission. 377 */ 378 int 379 arpresolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m, 380 struct sockaddr *dst, u_char *desten) 381 { 382 struct rtentry *rt; 383 struct llinfo_arp *la = NULL; 384 struct sockaddr_dl *sdl; 385 386 if (m->m_flags & M_BCAST) { /* broadcast */ 387 memcpy(desten, ifp->if_broadcastaddr, ifp->if_addrlen); 388 return (1); 389 } 390 if (m->m_flags & M_MCAST) {/* multicast */ 391 ETHER_MAP_IP_MULTICAST(&SIN(dst)->sin_addr, desten); 392 return (1); 393 } 394 if (rt0 != NULL) { 395 if (rt_llroute(dst, rt0, &rt) != 0) { 396 m_freem(m); 397 return 0; 398 } 399 la = rt->rt_llinfo; 400 } 401 if (la == NULL) { 402 la = arplookup(SIN(dst)->sin_addr.s_addr, TRUE, FALSE); 403 if (la != NULL) 404 rt = la->la_rt; 405 } 406 if (la == NULL || rt == NULL) { 407 log(LOG_DEBUG, "arpresolve: can't allocate llinfo for %s%s%s\n", 408 inet_ntoa(SIN(dst)->sin_addr), la ? "la" : " ", 409 rt ? "rt" : ""); 410 m_freem(m); 411 return (0); 412 } 413 sdl = SDL(rt->rt_gateway); 414 /* 415 * Check the address family and length is valid, the address 416 * is resolved; otherwise, try to resolve. 417 */ 418 if ((rt->rt_expire == 0 || rt->rt_expire > time_second) && 419 sdl->sdl_family == AF_LINK && sdl->sdl_alen != 0) { 420 /* 421 * If entry has an expiry time and it is approaching, 422 * see if we need to send an ARP request within this 423 * arpt_down interval. 424 */ 425 if ((rt->rt_expire != 0) && 426 (time_second + la->la_preempt > rt->rt_expire)) { 427 arprequest(ifp, 428 &SIN(rt->rt_ifa->ifa_addr)->sin_addr, 429 &SIN(dst)->sin_addr, 430 IF_LLADDR(ifp)); 431 la->la_preempt--; 432 } 433 434 bcopy(LLADDR(sdl), desten, sdl->sdl_alen); 435 return 1; 436 } 437 /* 438 * If ARP is disabled on this interface, stop. 439 * XXX 440 * Probably should not allocate empty llinfo struct if we are 441 * not going to be sending out an arp request. 442 */ 443 if (ifp->if_flags & IFF_NOARP) { 444 m_freem(m); 445 return (0); 446 } 447 /* 448 * There is an arptab entry, but no ethernet address 449 * response yet. Replace the held mbuf with this 450 * latest one. 451 */ 452 if (la->la_hold != NULL) 453 m_freem(la->la_hold); 454 la->la_hold = m; 455 if (rt->rt_expire || ((rt->rt_flags & RTF_STATIC) && !sdl->sdl_alen)) { 456 rt->rt_flags &= ~RTF_REJECT; 457 if (la->la_asked == 0 || rt->rt_expire != time_second) { 458 rt->rt_expire = time_second; 459 if (la->la_asked++ < arp_maxtries) { 460 arprequest(ifp, 461 &SIN(rt->rt_ifa->ifa_addr)->sin_addr, 462 &SIN(dst)->sin_addr, 463 IF_LLADDR(ifp)); 464 } else { 465 rt->rt_flags |= RTF_REJECT; 466 rt->rt_expire += arpt_down; 467 la->la_asked = 0; 468 la->la_preempt = arp_maxtries; 469 } 470 } 471 } 472 return (0); 473 } 474 475 /* 476 * Common length and type checks are done here, 477 * then the protocol-specific routine is called. 478 */ 479 static void 480 arpintr(struct netmsg *msg) 481 { 482 struct mbuf *m = ((struct netmsg_packet *)msg)->nm_packet; 483 struct arphdr *ar; 484 u_short ar_hrd; 485 486 if (m->m_len < sizeof(struct arphdr) && 487 (m = m_pullup(m, sizeof(struct arphdr))) == NULL) { 488 log(LOG_ERR, "arp: runt packet -- m_pullup failed\n"); 489 return; 490 } 491 ar = mtod(m, struct arphdr *); 492 493 ar_hrd = ntohs(ar->ar_hrd); 494 if (ar_hrd != ARPHRD_ETHER && ar_hrd != ARPHRD_IEEE802) { 495 log(LOG_ERR, "arp: unknown hardware address format (0x%2D)\n", 496 (unsigned char *)&ar->ar_hrd, ""); 497 m_freem(m); 498 return; 499 } 500 501 if (m->m_pkthdr.len < arphdr_len(ar)) { 502 if ((m = m_pullup(m, arphdr_len(ar))) == NULL) { 503 log(LOG_ERR, "arp: runt packet\n"); 504 return; 505 } 506 ar = mtod(m, struct arphdr *); 507 } 508 509 switch (ntohs(ar->ar_pro)) { 510 #ifdef INET 511 case ETHERTYPE_IP: 512 in_arpinput(m); 513 return; 514 #endif 515 } 516 m_freem(m); 517 /* msg was embedded in the mbuf, do not reply! */ 518 } 519 520 #ifdef INET 521 /* 522 * ARP for Internet protocols on 10 Mb/s Ethernet. 523 * Algorithm is that given in RFC 826. 524 * In addition, a sanity check is performed on the sender 525 * protocol address, to catch impersonators. 526 * We no longer handle negotiations for use of trailer protocol: 527 * Formerly, ARP replied for protocol type ETHERTYPE_TRAIL sent 528 * along with IP replies if we wanted trailers sent to us, 529 * and also sent them in response to IP replies. 530 * This allowed either end to announce the desire to receive 531 * trailer packets. 532 * We no longer reply to requests for ETHERTYPE_TRAIL protocol either, 533 * but formerly didn't normally send requests. 534 */ 535 static int log_arp_wrong_iface = 1; 536 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_wrong_iface, CTLFLAG_RW, 537 &log_arp_wrong_iface, 0, 538 "log arp packets arriving on the wrong interface"); 539 540 static void 541 arp_update_oncpu(struct mbuf *m, in_addr_t saddr, boolean_t create, 542 boolean_t dologging) 543 { 544 struct arphdr *ah = mtod(m, struct arphdr *); 545 struct ifnet *ifp = m->m_pkthdr.rcvif; 546 struct llinfo_arp *la; 547 struct sockaddr_dl *sdl; 548 struct rtentry *rt; 549 550 la = arplookup(saddr, create, FALSE); 551 if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) { 552 struct in_addr isaddr = { saddr }; 553 554 /* the following is not an error when doing bridging */ 555 if (rt->rt_ifp != ifp) { 556 if (dologging && log_arp_wrong_iface) { 557 log(LOG_ERR, 558 "arp: %s is on %s " 559 "but got reply from %*D on %s\n", 560 inet_ntoa(isaddr), 561 rt->rt_ifp->if_xname, 562 ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 563 ifp->if_xname); 564 } 565 return; 566 } 567 if (sdl->sdl_alen && 568 bcmp(ar_sha(ah), LLADDR(sdl), sdl->sdl_alen)) { 569 if (rt->rt_expire != 0) { 570 if (dologging) { 571 log(LOG_INFO, 572 "arp: %s moved from %*D to %*D on %s\n", 573 inet_ntoa(isaddr), 574 ifp->if_addrlen, (u_char *)LLADDR(sdl), 575 ":", ifp->if_addrlen, 576 (u_char *)ar_sha(ah), ":", 577 ifp->if_xname); 578 } 579 } else { 580 if (dologging) { 581 log(LOG_ERR, 582 "arp: %*D attempts to modify " 583 "permanent entry for %s on %s\n", 584 ifp->if_addrlen, (u_char *)ar_sha(ah), 585 ":", inet_ntoa(isaddr), ifp->if_xname); 586 } 587 return; 588 } 589 } 590 /* 591 * sanity check for the address length. 592 * XXX this does not work for protocols with variable address 593 * length. -is 594 */ 595 if (dologging && sdl->sdl_alen && sdl->sdl_alen != ah->ar_hln) { 596 log(LOG_WARNING, 597 "arp from %*D: new addr len %d, was %d", 598 ifp->if_addrlen, (u_char *) ar_sha(ah), ":", 599 ah->ar_hln, sdl->sdl_alen); 600 } 601 if (ifp->if_addrlen != ah->ar_hln) { 602 if (dologging) { 603 log(LOG_WARNING, 604 "arp from %*D: addr len: new %d, i/f %d " 605 "(ignored)", 606 ifp->if_addrlen, (u_char *) ar_sha(ah), ":", 607 ah->ar_hln, ifp->if_addrlen); 608 } 609 return; 610 } 611 memcpy(LLADDR(sdl), ar_sha(ah), sdl->sdl_alen = ah->ar_hln); 612 if (rt->rt_expire != 0) 613 rt->rt_expire = time_second + arpt_keep; 614 rt->rt_flags &= ~RTF_REJECT; 615 la->la_asked = 0; 616 la->la_preempt = arp_maxtries; 617 618 /* 619 * This particular cpu might have been holding an mbuf 620 * pending ARP resolution. If so, transmit the mbuf now. 621 */ 622 if (la->la_hold != NULL) { 623 m_adj(la->la_hold, sizeof(struct ether_header)); 624 ifp->if_output(ifp, la->la_hold, rt_key(rt), rt); 625 la->la_hold = NULL; 626 } 627 } 628 } 629 630 #ifdef SMP 631 632 struct netmsg_arp_update { 633 struct netmsg netmsg; 634 struct mbuf *m; 635 in_addr_t saddr; 636 boolean_t create; 637 }; 638 639 static void arp_update_msghandler(struct netmsg *); 640 641 #endif 642 643 /* 644 * Called from arpintr() - this routine is run from a single cpu. 645 */ 646 static void 647 in_arpinput(struct mbuf *m) 648 { 649 struct arphdr *ah; 650 struct ifnet *ifp = m->m_pkthdr.rcvif; 651 struct ether_header *eh; 652 struct rtentry *rt; 653 struct ifaddr_container *ifac; 654 struct in_ifaddr_container *iac; 655 struct in_ifaddr *ia; 656 struct sockaddr sa; 657 struct in_addr isaddr, itaddr, myaddr; 658 #ifdef SMP 659 struct netmsg_arp_update msg; 660 #endif 661 u_int8_t *enaddr = NULL; 662 int op; 663 int req_len; 664 665 req_len = arphdr_len2(ifp->if_addrlen, sizeof(struct in_addr)); 666 if (m->m_len < req_len && (m = m_pullup(m, req_len)) == NULL) { 667 log(LOG_ERR, "in_arp: runt packet -- m_pullup failed\n"); 668 return; 669 } 670 671 ah = mtod(m, struct arphdr *); 672 op = ntohs(ah->ar_op); 673 memcpy(&isaddr, ar_spa(ah), sizeof isaddr); 674 memcpy(&itaddr, ar_tpa(ah), sizeof itaddr); 675 /* 676 * Check both target and sender IP addresses: 677 * 678 * If we receive the packet on the interface owning the address, 679 * then accept the address. 680 * 681 * For a bridge, we accept the address if the receive interface and 682 * the interface owning the address are on the same bridge. 683 * (This will change slightly when we have clusters of interfaces). 684 */ 685 LIST_FOREACH(iac, INADDR_HASH(itaddr.s_addr), ia_hash) { 686 ia = iac->ia; 687 688 /* Skip all ia's which don't match */ 689 if (itaddr.s_addr != ia->ia_addr.sin_addr.s_addr) 690 continue; 691 692 if (ia->ia_ifp == ifp) 693 goto match; 694 695 if (ifp->if_bridge && ia->ia_ifp && 696 ifp->if_bridge == ia->ia_ifp->if_bridge) 697 goto match; 698 699 #ifdef CARP 700 /* 701 * If the interface does not match, but the recieving interface 702 * is part of carp, we call carp_iamatch to see if this is a 703 * request for the virtual host ip. 704 * XXX: This is really ugly! 705 */ 706 if (ifp->if_carp != NULL && 707 carp_iamatch(ifp->if_carp, ia, &isaddr, &enaddr) && 708 itaddr.s_addr == ia->ia_addr.sin_addr.s_addr) 709 goto match; 710 #endif 711 } 712 LIST_FOREACH(iac, INADDR_HASH(isaddr.s_addr), ia_hash) { 713 ia = iac->ia; 714 715 /* Skip all ia's which don't match */ 716 if (isaddr.s_addr != ia->ia_addr.sin_addr.s_addr) 717 continue; 718 719 if (ia->ia_ifp == ifp) 720 goto match; 721 722 if (ifp->if_bridge && ia->ia_ifp && 723 ifp->if_bridge == ia->ia_ifp->if_bridge) 724 goto match; 725 } 726 /* 727 * No match, use the first inet address on the receive interface 728 * as a dummy address for the rest of the function. 729 */ 730 TAILQ_FOREACH(ifac, &ifp->if_addrheads[mycpuid], ifa_link) { 731 struct ifaddr *ifa = ifac->ifa; 732 733 if (ifa->ifa_addr && ifa->ifa_addr->sa_family == AF_INET) { 734 ia = ifatoia(ifa); 735 goto match; 736 } 737 } 738 /* 739 * If we got here, we didn't find any suitable interface, 740 * so drop the packet. 741 */ 742 m_freem(m); 743 return; 744 745 match: 746 if (!enaddr) 747 enaddr = (u_int8_t *)IF_LLADDR(ifp); 748 myaddr = ia->ia_addr.sin_addr; 749 if (!bcmp(ar_sha(ah), enaddr, ifp->if_addrlen)) { 750 m_freem(m); /* it's from me, ignore it. */ 751 return; 752 } 753 if (!bcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen)) { 754 log(LOG_ERR, 755 "arp: link address is broadcast for IP address %s!\n", 756 inet_ntoa(isaddr)); 757 m_freem(m); 758 return; 759 } 760 if (isaddr.s_addr == myaddr.s_addr && myaddr.s_addr != 0) { 761 log(LOG_ERR, 762 "arp: %*D is using my IP address %s!\n", 763 ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 764 inet_ntoa(isaddr)); 765 itaddr = myaddr; 766 goto reply; 767 } 768 #ifdef SMP 769 netmsg_init(&msg.netmsg, &curthread->td_msgport, 0, 770 arp_update_msghandler); 771 msg.m = m; 772 msg.saddr = isaddr.s_addr; 773 msg.create = (itaddr.s_addr == myaddr.s_addr); 774 lwkt_domsg(rtable_portfn(0), &msg.netmsg.nm_lmsg, 0); 775 #else 776 arp_update_oncpu(m, isaddr.s_addr, (itaddr.s_addr == myaddr.s_addr), 777 TRUE); 778 #endif 779 reply: 780 if (op != ARPOP_REQUEST) { 781 m_freem(m); 782 return; 783 } 784 if (itaddr.s_addr == myaddr.s_addr) { 785 /* I am the target */ 786 memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 787 memcpy(ar_sha(ah), enaddr, ah->ar_hln); 788 } else { 789 struct llinfo_arp *la; 790 791 la = arplookup(itaddr.s_addr, FALSE, SIN_PROXY); 792 if (la == NULL) { 793 struct sockaddr_in sin; 794 795 if (!arp_proxyall) { 796 m_freem(m); 797 return; 798 } 799 800 bzero(&sin, sizeof sin); 801 sin.sin_family = AF_INET; 802 sin.sin_len = sizeof sin; 803 sin.sin_addr = itaddr; 804 805 rt = rtpurelookup((struct sockaddr *)&sin); 806 if (rt == NULL) { 807 m_freem(m); 808 return; 809 } 810 --rt->rt_refcnt; 811 /* 812 * Don't send proxies for nodes on the same interface 813 * as this one came out of, or we'll get into a fight 814 * over who claims what Ether address. 815 */ 816 if (rt->rt_ifp == ifp) { 817 m_freem(m); 818 return; 819 } 820 memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 821 memcpy(ar_sha(ah), enaddr, ah->ar_hln); 822 #ifdef DEBUG_PROXY 823 kprintf("arp: proxying for %s\n", inet_ntoa(itaddr)); 824 #endif 825 } else { 826 struct sockaddr_dl *sdl; 827 828 rt = la->la_rt; 829 memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 830 sdl = SDL(rt->rt_gateway); 831 memcpy(ar_sha(ah), LLADDR(sdl), ah->ar_hln); 832 } 833 } 834 835 memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln); 836 memcpy(ar_spa(ah), &itaddr, ah->ar_pln); 837 ah->ar_op = htons(ARPOP_REPLY); 838 ah->ar_pro = htons(ETHERTYPE_IP); /* let's be sure! */ 839 switch (ifp->if_type) { 840 case IFT_ETHER: 841 /* 842 * May not be correct for types not explictly 843 * listed, but it is our best guess. 844 */ 845 default: 846 eh = (struct ether_header *)sa.sa_data; 847 memcpy(eh->ether_dhost, ar_tha(ah), sizeof eh->ether_dhost); 848 eh->ether_type = htons(ETHERTYPE_ARP); 849 break; 850 } 851 sa.sa_family = AF_UNSPEC; 852 sa.sa_len = sizeof sa; 853 ifp->if_output(ifp, m, &sa, NULL); 854 } 855 856 #ifdef SMP 857 858 static void 859 arp_update_msghandler(struct netmsg *netmsg) 860 { 861 struct netmsg_arp_update *msg = (struct netmsg_arp_update *)netmsg; 862 int nextcpu; 863 864 arp_update_oncpu(msg->m, msg->saddr, msg->create, mycpuid == 0); 865 866 nextcpu = mycpuid + 1; 867 if (nextcpu < ncpus) 868 lwkt_forwardmsg(rtable_portfn(nextcpu), &msg->netmsg.nm_lmsg); 869 else 870 lwkt_replymsg(&msg->netmsg.nm_lmsg, 0); 871 } 872 873 #endif /* SMP */ 874 875 #endif /* INET */ 876 877 /* 878 * Free an arp entry. If the arp entry is actively referenced or represents 879 * a static entry we only clear it back to an unresolved state, otherwise 880 * we destroy the entry entirely. 881 * 882 * Note that static entries are created when route add ... -interface is used 883 * to create an interface route to a (direct) destination. 884 */ 885 static void 886 arptfree(struct llinfo_arp *la) 887 { 888 struct rtentry *rt = la->la_rt; 889 struct sockaddr_dl *sdl; 890 891 if (rt == NULL) 892 panic("arptfree"); 893 sdl = SDL(rt->rt_gateway); 894 if (sdl != NULL && 895 ((rt->rt_refcnt > 0 && sdl->sdl_family == AF_LINK) || 896 (rt->rt_flags & RTF_STATIC))) { 897 sdl->sdl_alen = 0; 898 la->la_preempt = la->la_asked = 0; 899 rt->rt_flags &= ~RTF_REJECT; 900 return; 901 } 902 rtrequest(RTM_DELETE, rt_key(rt), NULL, rt_mask(rt), 0, NULL); 903 } 904 905 /* 906 * Lookup or enter a new address in arptab. 907 */ 908 static struct llinfo_arp * 909 arplookup(in_addr_t addr, boolean_t create, boolean_t proxy) 910 { 911 struct rtentry *rt; 912 struct sockaddr_inarp sin = { sizeof sin, AF_INET }; 913 const char *why = NULL; 914 915 sin.sin_addr.s_addr = addr; 916 sin.sin_other = proxy ? SIN_PROXY : 0; 917 if (create) 918 rt = rtlookup((struct sockaddr *)&sin); 919 else 920 rt = rtpurelookup((struct sockaddr *)&sin); 921 if (rt == NULL) 922 return (NULL); 923 rt->rt_refcnt--; 924 925 if (rt->rt_flags & RTF_GATEWAY) 926 why = "host is not on local network"; 927 else if (!(rt->rt_flags & RTF_LLINFO)) 928 why = "could not allocate llinfo"; 929 else if (rt->rt_gateway->sa_family != AF_LINK) 930 why = "gateway route is not ours"; 931 932 if (why) { 933 if (create) { 934 log(LOG_DEBUG, "arplookup %s failed: %s\n", 935 inet_ntoa(sin.sin_addr), why); 936 } 937 if (rt->rt_refcnt <= 0 && (rt->rt_flags & RTF_WASCLONED)) { 938 /* No references to this route. Purge it. */ 939 rtrequest(RTM_DELETE, rt_key(rt), rt->rt_gateway, 940 rt_mask(rt), rt->rt_flags, NULL); 941 } 942 return (NULL); 943 } 944 return (rt->rt_llinfo); 945 } 946 947 void 948 arp_ifinit(struct ifnet *ifp, struct ifaddr *ifa) 949 { 950 ASSERT_SERIALIZED(ifp->if_serializer); 951 952 if (IA_SIN(ifa)->sin_addr.s_addr != INADDR_ANY) { 953 lwkt_serialize_exit(ifp->if_serializer); 954 arprequest(ifp, &IA_SIN(ifa)->sin_addr, &IA_SIN(ifa)->sin_addr, 955 IF_LLADDR(ifp)); 956 lwkt_serialize_enter(ifp->if_serializer); 957 } 958 ifa->ifa_rtrequest = arp_rtrequest; 959 ifa->ifa_flags |= RTF_CLONING; 960 } 961 962 void 963 arp_ifinit2(struct ifnet *ifp, struct ifaddr *ifa, u_char *enaddr) 964 { 965 ASSERT_NOT_SERIALIZED(ifp->if_serializer); 966 967 if (IA_SIN(ifa)->sin_addr.s_addr != INADDR_ANY) 968 arprequest(ifp, &IA_SIN(ifa)->sin_addr, &IA_SIN(ifa)->sin_addr, 969 enaddr); 970 ifa->ifa_rtrequest = arp_rtrequest; 971 ifa->ifa_flags |= RTF_CLONING; 972 } 973 974 static void 975 arp_init(void) 976 { 977 int cpu; 978 979 for (cpu = 0; cpu < ncpus2; cpu++) 980 LIST_INIT(&llinfo_arp_list[cpu]); 981 netisr_register(NETISR_ARP, cpu0_portfn, arpintr, 982 NETISR_FLAG_NOTMPSAFE); 983 } 984 985 SYSINIT(arp, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, arp_init, 0); 986