xref: /netbsd-src/sys/netinet/if_arp.c (revision a6f3f22f245acb8ee3bbf6871d7dce989204fa97)
1 /*	$NetBSD: if_arp.c,v 1.191 2015/10/20 07:46:59 ozaki-r Exp $	*/
2 
3 /*-
4  * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc.
5  * All rights reserved.
6  *
7  * This code is derived from software contributed to The NetBSD Foundation
8  * by Public Access Networks Corporation ("Panix").  It was developed under
9  * contract to Panix by Eric Haszlakiewicz and Thor Lancelot Simon.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer.
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in the
18  *    documentation and/or other materials provided with the distribution.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
21  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
22  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
23  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
24  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30  * POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 /*
34  * Copyright (c) 1982, 1986, 1988, 1993
35  *	The Regents of the University of California.  All rights reserved.
36  *
37  * Redistribution and use in source and binary forms, with or without
38  * modification, are permitted provided that the following conditions
39  * are met:
40  * 1. Redistributions of source code must retain the above copyright
41  *    notice, this list of conditions and the following disclaimer.
42  * 2. Redistributions in binary form must reproduce the above copyright
43  *    notice, this list of conditions and the following disclaimer in the
44  *    documentation and/or other materials provided with the distribution.
45  * 3. Neither the name of the University nor the names of its contributors
46  *    may be used to endorse or promote products derived from this software
47  *    without specific prior written permission.
48  *
49  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
50  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
53  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59  * SUCH DAMAGE.
60  *
61  *	@(#)if_ether.c	8.2 (Berkeley) 9/26/94
62  */
63 
64 /*
65  * Ethernet address resolution protocol.
66  * TODO:
67  *	add "inuse/lock" bit (or ref. count) along with valid bit
68  */
69 
70 #include <sys/cdefs.h>
71 __KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.191 2015/10/20 07:46:59 ozaki-r Exp $");
72 
73 #ifdef _KERNEL_OPT
74 #include "opt_ddb.h"
75 #include "opt_inet.h"
76 #endif
77 
78 #ifdef INET
79 
80 #include "bridge.h"
81 
82 #include <sys/param.h>
83 #include <sys/systm.h>
84 #include <sys/callout.h>
85 #include <sys/malloc.h>
86 #include <sys/mbuf.h>
87 #include <sys/socket.h>
88 #include <sys/time.h>
89 #include <sys/timetc.h>
90 #include <sys/kernel.h>
91 #include <sys/errno.h>
92 #include <sys/ioctl.h>
93 #include <sys/syslog.h>
94 #include <sys/proc.h>
95 #include <sys/protosw.h>
96 #include <sys/domain.h>
97 #include <sys/sysctl.h>
98 #include <sys/socketvar.h>
99 #include <sys/percpu.h>
100 #include <sys/cprng.h>
101 #include <sys/kmem.h>
102 
103 #include <net/ethertypes.h>
104 #include <net/if.h>
105 #include <net/if_dl.h>
106 #include <net/if_token.h>
107 #include <net/if_types.h>
108 #include <net/if_ether.h>
109 #include <net/if_llatbl.h>
110 #include <net/net_osdep.h>
111 #include <net/route.h>
112 #include <net/net_stats.h>
113 
114 #include <netinet/in.h>
115 #include <netinet/in_systm.h>
116 #include <netinet/in_var.h>
117 #include <netinet/ip.h>
118 #include <netinet/if_inarp.h>
119 
120 #include "arcnet.h"
121 #if NARCNET > 0
122 #include <net/if_arc.h>
123 #endif
124 #include "fddi.h"
125 #if NFDDI > 0
126 #include <net/if_fddi.h>
127 #endif
128 #include "token.h"
129 #include "carp.h"
130 #if NCARP > 0
131 #include <netinet/ip_carp.h>
132 #endif
133 
134 #define SIN(s) ((struct sockaddr_in *)s)
135 #define SRP(s) ((struct sockaddr_inarp *)s)
136 
137 /*
138  * ARP trailer negotiation.  Trailer protocol is not IP specific,
139  * but ARP request/response use IP addresses.
140  */
141 #define ETHERTYPE_IPTRAILERS ETHERTYPE_TRAIL
142 
143 /* timer values */
144 static int	arpt_keep = (20*60);	/* once resolved, good for 20 more minutes */
145 static int	arpt_down = 20;		/* once declared down, don't send for 20 secs */
146 static int	arp_maxhold = 1;	/* number of packets to hold per ARP entry */
147 #define	rt_expire rt_rmx.rmx_expire
148 #define	rt_pksent rt_rmx.rmx_pksent
149 
150 int		ip_dad_count = PROBE_NUM;
151 #ifdef ARP_DEBUG
152 static int	arp_debug = 1;
153 #else
154 static int	arp_debug = 0;
155 #endif
156 #define arplog(x)	do { if (arp_debug) log x; } while (/*CONSTCOND*/ 0)
157 
158 static	void arp_init(void);
159 
160 static	struct sockaddr *arp_setgate(struct rtentry *, struct sockaddr *,
161 	    const struct sockaddr *);
162 static	void arptfree(struct rtentry *);
163 static	void arptimer(void *);
164 static	struct llentry *arplookup(struct ifnet *, struct mbuf *,
165 	    const struct in_addr *, int, int, int, struct rtentry *);
166 static	void in_arpinput(struct mbuf *);
167 static	void in_revarpinput(struct mbuf *);
168 static	void revarprequest(struct ifnet *);
169 
170 static	void arp_drainstub(void);
171 
172 static void arp_dad_timer(struct ifaddr *);
173 static void arp_dad_start(struct ifaddr *);
174 static void arp_dad_stop(struct ifaddr *);
175 static void arp_dad_duplicated(struct ifaddr *);
176 
177 struct	ifqueue arpintrq = {
178 	.ifq_head = NULL,
179 	.ifq_tail = NULL,
180 	.ifq_len = 0,
181 	.ifq_maxlen = 50,
182 	.ifq_drops = 0,
183 };
184 static int	arp_inuse, arp_allocated;
185 static int	arp_maxtries = 5;
186 static int	useloopback = 1;	/* use loopback interface for local traffic */
187 
188 static percpu_t *arpstat_percpu;
189 
190 #define	ARP_STAT_GETREF()	_NET_STAT_GETREF(arpstat_percpu)
191 #define	ARP_STAT_PUTREF()	_NET_STAT_PUTREF(arpstat_percpu)
192 
193 #define	ARP_STATINC(x)		_NET_STATINC(arpstat_percpu, x)
194 #define	ARP_STATADD(x, v)	_NET_STATADD(arpstat_percpu, x, v)
195 
196 /* revarp state */
197 static struct	in_addr myip, srv_ip;
198 static int	myip_initialized = 0;
199 static int	revarp_in_progress = 0;
200 static struct	ifnet *myip_ifp = NULL;
201 
202 #ifdef DDB
203 static void db_print_sa(const struct sockaddr *);
204 static void db_print_ifa(struct ifaddr *);
205 static void db_print_llinfo(void *);
206 static int db_show_rtentry(struct rtentry *, void *);
207 #endif
208 
209 static int arp_drainwanted;
210 
211 static int log_movements = 1;
212 static int log_permanent_modify = 1;
213 static int log_wrong_iface = 1;
214 static int log_unknown_network = 1;
215 
216 /*
217  * this should be elsewhere.
218  */
219 
220 static char *
221 lla_snprintf(u_int8_t *, int);
222 
223 static char *
224 lla_snprintf(u_int8_t *adrp, int len)
225 {
226 #define NUMBUFS 3
227 	static char buf[NUMBUFS][16*3];
228 	static int bnum = 0;
229 
230 	int i;
231 	char *p;
232 
233 	p = buf[bnum];
234 
235 	*p++ = hexdigits[(*adrp)>>4];
236 	*p++ = hexdigits[(*adrp++)&0xf];
237 
238 	for (i=1; i<len && i<16; i++) {
239 		*p++ = ':';
240 		*p++ = hexdigits[(*adrp)>>4];
241 		*p++ = hexdigits[(*adrp++)&0xf];
242 	}
243 
244 	*p = 0;
245 	p = buf[bnum];
246 	bnum = (bnum + 1) % NUMBUFS;
247 	return p;
248 }
249 
250 DOMAIN_DEFINE(arpdomain);	/* forward declare and add to link set */
251 
252 static void
253 arp_fasttimo(void)
254 {
255 	if (arp_drainwanted) {
256 		arp_drain();
257 		arp_drainwanted = 0;
258 	}
259 }
260 
261 const struct protosw arpsw[] = {
262 	{ .pr_type = 0,
263 	  .pr_domain = &arpdomain,
264 	  .pr_protocol = 0,
265 	  .pr_flags = 0,
266 	  .pr_input = 0,
267 	  .pr_output = 0,
268 	  .pr_ctlinput = 0,
269 	  .pr_ctloutput = 0,
270 	  .pr_usrreqs = 0,
271 	  .pr_init = arp_init,
272 	  .pr_fasttimo = arp_fasttimo,
273 	  .pr_slowtimo = 0,
274 	  .pr_drain = arp_drainstub,
275 	}
276 };
277 
278 struct domain arpdomain = {
279 	.dom_family = PF_ARP,
280 	.dom_name = "arp",
281 	.dom_protosw = arpsw,
282 	.dom_protoswNPROTOSW = &arpsw[__arraycount(arpsw)],
283 };
284 
285 static void sysctl_net_inet_arp_setup(struct sysctllog **);
286 
287 void
288 arp_init(void)
289 {
290 
291 	sysctl_net_inet_arp_setup(NULL);
292 	arpstat_percpu = percpu_alloc(sizeof(uint64_t) * ARP_NSTATS);
293 }
294 
295 static void
296 arp_drainstub(void)
297 {
298 	arp_drainwanted = 1;
299 }
300 
301 /*
302  * ARP protocol drain routine.  Called when memory is in short supply.
303  * Called at splvm();  don't acquire softnet_lock as can be called from
304  * hardware interrupt handlers.
305  */
306 void
307 arp_drain(void)
308 {
309 
310 	lltable_drain(AF_INET);
311 }
312 
313 static void
314 arptimer(void *arg)
315 {
316 	struct llentry *lle = arg;
317 	struct ifnet *ifp;
318 	struct rtentry *rt;
319 
320 	if (lle == NULL)
321 		return;
322 
323 	if (lle->la_flags & LLE_STATIC)
324 		return;
325 
326 	LLE_WLOCK(lle);
327 	if (callout_pending(&lle->la_timer)) {
328 		/*
329 		 * Here we are a bit odd here in the treatment of
330 		 * active/pending. If the pending bit is set, it got
331 		 * rescheduled before I ran. The active
332 		 * bit we ignore, since if it was stopped
333 		 * in ll_tablefree() and was currently running
334 		 * it would have return 0 so the code would
335 		 * not have deleted it since the callout could
336 		 * not be stopped so we want to go through
337 		 * with the delete here now. If the callout
338 		 * was restarted, the pending bit will be back on and
339 		 * we just want to bail since the callout_reset would
340 		 * return 1 and our reference would have been removed
341 		 * by arpresolve() below.
342 		 */
343 		LLE_WUNLOCK(lle);
344 		return;
345 	}
346 	ifp = lle->lle_tbl->llt_ifp;
347 	rt = lle->la_rt;
348 	lle->la_rt = NULL;
349 
350 	callout_stop(&lle->la_timer);
351 
352 	/* XXX: LOR avoidance. We still have ref on lle. */
353 	LLE_WUNLOCK(lle);
354 
355 	if (rt != NULL) {
356 		/* We have to call arptfree w/o IF_AFDATA_LOCK */
357 		arptfree(rt);
358 	}
359 
360 	IF_AFDATA_LOCK(ifp);
361 	LLE_WLOCK(lle);
362 
363 	/* Guard against race with other llentry_free(). */
364 	if (lle->la_flags & LLE_LINKED) {
365 		size_t pkts_dropped;
366 
367 		LLE_REMREF(lle);
368 		pkts_dropped = llentry_free(lle);
369 		ARP_STATADD(ARP_STAT_DFRDROPPED, pkts_dropped);
370 	} else {
371 		LLE_FREE_LOCKED(lle);
372 	}
373 
374 	IF_AFDATA_UNLOCK(ifp);
375 }
376 
377 /*
378  * We set the gateway for RTF_CLONING routes to a "prototype"
379  * link-layer sockaddr whose interface type (if_type) and interface
380  * index (if_index) fields are prepared.
381  */
382 static struct sockaddr *
383 arp_setgate(struct rtentry *rt, struct sockaddr *gate,
384     const struct sockaddr *netmask)
385 {
386 	const struct ifnet *ifp = rt->rt_ifp;
387 	uint8_t namelen = strlen(ifp->if_xname);
388 	uint8_t addrlen = ifp->if_addrlen;
389 
390 	/*
391 	 * XXX: If this is a manually added route to interface
392 	 * such as older version of routed or gated might provide,
393 	 * restore cloning bit.
394 	 */
395 	if ((rt->rt_flags & RTF_HOST) == 0 && netmask != NULL &&
396 	    satocsin(netmask)->sin_addr.s_addr != 0xffffffff)
397 		rt->rt_flags |= RTF_CLONING;
398 	if (rt->rt_flags & RTF_CLONING ||
399 	    ((rt->rt_flags & (RTF_LLINFO | RTF_LOCAL)) && !rt->rt_llinfo))
400 	{
401 		union {
402 			struct sockaddr sa;
403 			struct sockaddr_storage ss;
404 			struct sockaddr_dl sdl;
405 		} u;
406 		/*
407 		 * Case 1: This route should come from a route to iface.
408 		 */
409 		sockaddr_dl_init(&u.sdl, sizeof(u.ss),
410 		    ifp->if_index, ifp->if_type, NULL, namelen, NULL, addrlen);
411 		rt_setgate(rt, &u.sa);
412 		gate = rt->rt_gateway;
413 	}
414 	return gate;
415 }
416 
417 /*
418  * Parallel to llc_rtrequest.
419  */
420 void
421 arp_rtrequest(int req, struct rtentry *rt, const struct rt_addrinfo *info)
422 {
423 	struct sockaddr *gate = rt->rt_gateway;
424 	struct llentry *la = NULL;
425 	struct in_ifaddr *ia;
426 	struct ifaddr *ifa;
427 	struct ifnet *ifp = rt->rt_ifp;
428 	int flags = 0;
429 
430 	if (req == RTM_LLINFO_UPD) {
431 		struct in_addr *in;
432 
433 		if ((ifa = info->rti_ifa) == NULL)
434 			return;
435 
436 		in = &ifatoia(ifa)->ia_addr.sin_addr;
437 
438 		if (ifatoia(ifa)->ia4_flags &
439 		    (IN_IFF_NOTREADY | IN_IFF_DETACHED))
440 		{
441 			arplog((LOG_DEBUG, "arp_request: %s not ready\n",
442 			   in_fmtaddr(*in)));
443 			return;
444 		}
445 
446 		arprequest(ifa->ifa_ifp, in, in,
447 		    CLLADDR(ifa->ifa_ifp->if_sadl));
448 		return;
449 	}
450 
451 	if ((rt->rt_flags & RTF_GATEWAY) != 0) {
452 		if (req != RTM_ADD)
453 			return;
454 
455 		/*
456 		 * linklayers with particular link MTU limitation.
457 		 */
458 		switch(ifp->if_type) {
459 #if NFDDI > 0
460 		case IFT_FDDI:
461 			if (ifp->if_mtu > FDDIIPMTU)
462 				rt->rt_rmx.rmx_mtu = FDDIIPMTU;
463 			break;
464 #endif
465 #if NARCNET > 0
466 		case IFT_ARCNET:
467 		    {
468 			int arcipifmtu;
469 
470 			if (ifp->if_flags & IFF_LINK0)
471 				arcipifmtu = arc_ipmtu;
472 			else
473 				arcipifmtu = ARCMTU;
474 			if (ifp->if_mtu > arcipifmtu)
475 				rt->rt_rmx.rmx_mtu = arcipifmtu;
476 			break;
477 		    }
478 #endif
479 		}
480 		return;
481 	}
482 
483 	IF_AFDATA_RLOCK(ifp);
484 	la = lla_lookup(LLTABLE(ifp), flags, rt_getkey(rt));
485 	IF_AFDATA_RUNLOCK(ifp);
486 
487 	switch (req) {
488 	case RTM_SETGATE:
489 		gate = arp_setgate(rt, gate, info->rti_info[RTAX_NETMASK]);
490 		break;
491 	case RTM_ADD:
492 		gate = arp_setgate(rt, gate, info->rti_info[RTAX_NETMASK]);
493 		if (rt->rt_flags & RTF_CLONING ||
494 		    ((rt->rt_flags & (RTF_LLINFO | RTF_LOCAL)) && !la))
495 		{
496 			/*
497 			 * Give this route an expiration time, even though
498 			 * it's a "permanent" route, so that routes cloned
499 			 * from it do not need their expiration time set.
500 			 */
501 			KASSERT(time_uptime != 0);
502 			rt->rt_expire = time_uptime;
503 			/*
504 			 * linklayers with particular link MTU limitation.
505 			 */
506 			switch (ifp->if_type) {
507 #if NFDDI > 0
508 			case IFT_FDDI:
509 				if ((rt->rt_rmx.rmx_locks & RTV_MTU) == 0 &&
510 				    (rt->rt_rmx.rmx_mtu > FDDIIPMTU ||
511 				     (rt->rt_rmx.rmx_mtu == 0 &&
512 				      ifp->if_mtu > FDDIIPMTU)))
513 					rt->rt_rmx.rmx_mtu = FDDIIPMTU;
514 				break;
515 #endif
516 #if NARCNET > 0
517 			case IFT_ARCNET:
518 			    {
519 				int arcipifmtu;
520 				if (ifp->if_flags & IFF_LINK0)
521 					arcipifmtu = arc_ipmtu;
522 				else
523 					arcipifmtu = ARCMTU;
524 
525 				if ((rt->rt_rmx.rmx_locks & RTV_MTU) == 0 &&
526 				    (rt->rt_rmx.rmx_mtu > arcipifmtu ||
527 				     (rt->rt_rmx.rmx_mtu == 0 &&
528 				      ifp->if_mtu > arcipifmtu)))
529 					rt->rt_rmx.rmx_mtu = arcipifmtu;
530 				break;
531 			    }
532 #endif
533 			}
534 			if (rt->rt_flags & RTF_CLONING)
535 				break;
536 		}
537 		/* Announce a new entry if requested. */
538 		if (rt->rt_flags & RTF_ANNOUNCE) {
539 			INADDR_TO_IA(satocsin(rt_getkey(rt))->sin_addr, ia);
540 			while (ia && ia->ia_ifp != ifp)
541 				NEXT_IA_WITH_SAME_ADDR(ia);
542 			if (ia == NULL ||
543 			    ia->ia4_flags & (IN_IFF_NOTREADY | IN_IFF_DETACHED))
544 				;
545 			else
546 				arprequest(ifp,
547 				    &satocsin(rt_getkey(rt))->sin_addr,
548 				    &satocsin(rt_getkey(rt))->sin_addr,
549 				    CLLADDR(satocsdl(gate)));
550 		}
551 		/*FALLTHROUGH*/
552 	case RTM_RESOLVE:
553 		if (gate->sa_family != AF_LINK ||
554 		    gate->sa_len < sockaddr_dl_measure(0, ifp->if_addrlen)) {
555 			log(LOG_DEBUG, "arp_rtrequest: bad gateway value\n");
556 			break;
557 		}
558 
559 		satosdl(gate)->sdl_type = ifp->if_type;
560 		satosdl(gate)->sdl_index = ifp->if_index;
561 		if (la != NULL)
562 			break; /* This happens on a route change */
563 
564 		/* If the route is for a broadcast address mark it as such.
565 		 * This way we can avoid an expensive call to in_broadcast()
566 		 * in ip_output() most of the time (because the route passed
567 		 * to ip_output() is almost always a host route). */
568 		if (rt->rt_flags & RTF_HOST &&
569 		    !(rt->rt_flags & RTF_BROADCAST) &&
570 		    in_broadcast(satocsin(rt_getkey(rt))->sin_addr, rt->rt_ifp))
571 			rt->rt_flags |= RTF_BROADCAST;
572 		/* There is little point in resolving the broadcast address */
573 		if (rt->rt_flags & RTF_BROADCAST)
574 			break;
575 
576 		INADDR_TO_IA(satocsin(rt_getkey(rt))->sin_addr, ia);
577 		while (ia && ia->ia_ifp != ifp)
578 			NEXT_IA_WITH_SAME_ADDR(ia);
579 		if (ia) {
580 			/*
581 			 * This test used to be
582 			 *	if (lo0ifp->if_flags & IFF_UP)
583 			 * It allowed local traffic to be forced through
584 			 * the hardware by configuring the loopback down.
585 			 * However, it causes problems during network
586 			 * configuration for boards that can't receive
587 			 * packets they send.  It is now necessary to clear
588 			 * "useloopback" and remove the route to force
589 			 * traffic out to the hardware.
590 			 *
591 			 * In 4.4BSD, the above "if" statement checked
592 			 * rt->rt_ifa against rt_getkey(rt).  It was changed
593 			 * to the current form so that we can provide a
594 			 * better support for multiple IPv4 addresses on a
595 			 * interface.
596 			 */
597 			rt->rt_expire = 0;
598 			if (sockaddr_dl_init(satosdl(gate), gate->sa_len,
599 			    ifp->if_index, ifp->if_type, NULL, 0,
600 			    CLLADDR(ifp->if_sadl), ifp->if_addrlen) == NULL) {
601 				panic("%s(%s): sockaddr_dl_init cannot fail",
602 				    __func__, ifp->if_xname);
603 			}
604 			if (useloopback) {
605 				ifp = rt->rt_ifp = lo0ifp;
606 				rt->rt_rmx.rmx_mtu = 0;
607 			}
608 			rt->rt_flags |= RTF_LOCAL;
609 			/*
610 			 * make sure to set rt->rt_ifa to the interface
611 			 * address we are using, otherwise we will have trouble
612 			 * with source address selection.
613 			 */
614 			ifa = &ia->ia_ifa;
615 			if (ifa != rt->rt_ifa)
616 				rt_replace_ifa(rt, ifa);
617 		}
618 
619 		/*
620 		 * Case 2:  This route may come from cloning, or a manual route
621 		 * add with a LL address.
622 		 */
623 		flags = LLE_EXCLUSIVE;
624 		if ((rt->rt_flags & RTF_CLONED) == 0)
625 			flags |= LLE_IFADDR;
626 
627 		IF_AFDATA_WLOCK(ifp);
628 		la = lla_create(LLTABLE(ifp), flags, rt_getkey(rt));
629 		IF_AFDATA_WUNLOCK(ifp);
630 
631 		if (la == NULL) {
632 			log(LOG_DEBUG, "%s: lla_create failed\n",
633 			    __func__);
634 			rt->rt_llinfo = NULL;
635 			break;
636 		}
637 		rt->rt_llinfo = la;
638 		LLE_ADDREF(la);
639 		switch (ifp->if_type) {
640 #if NTOKEN > 0
641 		case IFT_ISO88025:
642 			la->la_opaque = kmem_alloc(sizeof(struct token_rif),
643 			    KM_SLEEP);
644 			break;
645 #endif /* NTOKEN > 0 */
646 		default:
647 			break;
648 		}
649 		la->la_rt = rt;
650 		rt->rt_refcnt++;
651 		rt->rt_flags |= RTF_LLINFO;
652 		arp_inuse++, arp_allocated++;
653 
654 		LLE_WUNLOCK(la);
655 		la = NULL;
656 
657 		break;
658 
659 	case RTM_DELETE:
660 		if (la == NULL)
661 			break;
662 		arp_inuse--;
663 		rt->rt_llinfo = NULL;
664 		rt->rt_flags &= ~RTF_LLINFO;
665 
666 		/* Have to do before IF_AFDATA_WLOCK to avoid deadlock */
667 		callout_halt(&la->la_timer, &la->lle_lock);
668 		/* XXX: LOR avoidance. We still have ref on lle. */
669 		LLE_RUNLOCK(la);
670 
671 		flags |= LLE_EXCLUSIVE;
672 		IF_AFDATA_WLOCK(ifp);
673 		LLE_WLOCK(la);
674 
675 		if (la->la_opaque != NULL) {
676 			switch (ifp->if_type) {
677 #if NTOKEN > 0
678 			case IFT_ISO88025:
679 				kmem_free(la->la_opaque,
680 				    sizeof(struct token_rif));
681 				break;
682 #endif /* NTOKEN > 0 */
683 			default:
684 				break;
685 			}
686 		}
687 
688 		if (la->la_rt != NULL) {
689 			/*
690 			 * Don't rtfree (may actually free objects) here.
691 			 * Leave it to rtrequest1.
692 			 */
693 			la->la_rt->rt_refcnt--;
694 			la->la_rt = NULL;
695 		}
696 
697 		/* Guard against race with other llentry_free(). */
698 		if (la->la_flags & LLE_LINKED) {
699 			size_t pkts_dropped;
700 
701 			LLE_REMREF(la);
702 			pkts_dropped = llentry_free(la);
703 			ARP_STATADD(ARP_STAT_DFRDROPPED, pkts_dropped);
704 		} else {
705 			LLE_FREE_LOCKED(la);
706 		}
707 		la = NULL;
708 
709 		IF_AFDATA_WUNLOCK(ifp);
710 	}
711 
712 	if (la != NULL) {
713 		if (flags & LLE_EXCLUSIVE)
714 			LLE_WUNLOCK(la);
715 		else
716 			LLE_RUNLOCK(la);
717 	}
718 }
719 
720 /*
721  * Broadcast an ARP request. Caller specifies:
722  *	- arp header source ip address
723  *	- arp header target ip address
724  *	- arp header source ethernet address
725  */
726 void
727 arprequest(struct ifnet *ifp,
728     const struct in_addr *sip, const struct in_addr *tip,
729     const u_int8_t *enaddr)
730 {
731 	struct mbuf *m;
732 	struct arphdr *ah;
733 	struct sockaddr sa;
734 	uint64_t *arps;
735 
736 	KASSERT(sip != NULL);
737 	KASSERT(tip != NULL);
738 	KASSERT(enaddr != NULL);
739 
740 	if ((m = m_gethdr(M_DONTWAIT, MT_DATA)) == NULL)
741 		return;
742 	MCLAIM(m, &arpdomain.dom_mowner);
743 	switch (ifp->if_type) {
744 	case IFT_IEEE1394:
745 		m->m_len = sizeof(*ah) + 2 * sizeof(struct in_addr) +
746 		    ifp->if_addrlen;
747 		break;
748 	default:
749 		m->m_len = sizeof(*ah) + 2 * sizeof(struct in_addr) +
750 		    2 * ifp->if_addrlen;
751 		break;
752 	}
753 	m->m_pkthdr.len = m->m_len;
754 	MH_ALIGN(m, m->m_len);
755 	ah = mtod(m, struct arphdr *);
756 	memset(ah, 0, m->m_len);
757 	switch (ifp->if_type) {
758 	case IFT_IEEE1394:	/* RFC2734 */
759 		/* fill it now for ar_tpa computation */
760 		ah->ar_hrd = htons(ARPHRD_IEEE1394);
761 		break;
762 	default:
763 		/* ifp->if_output will fill ar_hrd */
764 		break;
765 	}
766 	ah->ar_pro = htons(ETHERTYPE_IP);
767 	ah->ar_hln = ifp->if_addrlen;		/* hardware address length */
768 	ah->ar_pln = sizeof(struct in_addr);	/* protocol address length */
769 	ah->ar_op = htons(ARPOP_REQUEST);
770 	memcpy(ar_sha(ah), enaddr, ah->ar_hln);
771 	memcpy(ar_spa(ah), sip, ah->ar_pln);
772 	memcpy(ar_tpa(ah), tip, ah->ar_pln);
773 	sa.sa_family = AF_ARP;
774 	sa.sa_len = 2;
775 	m->m_flags |= M_BCAST;
776 	arps = ARP_STAT_GETREF();
777 	arps[ARP_STAT_SNDTOTAL]++;
778 	arps[ARP_STAT_SENDREQUEST]++;
779 	ARP_STAT_PUTREF();
780 	(*ifp->if_output)(ifp, m, &sa, NULL);
781 }
782 
783 /*
784  * Resolve an IP address into an ethernet address.  If success,
785  * desten is filled in.  If there is no entry in arptab,
786  * set one up and broadcast a request for the IP address.
787  * Hold onto this mbuf and resend it once the address
788  * is finally resolved.  A return value of 0 indicates
789  * that desten has been filled in and the packet should be sent
790  * normally; a return value of EWOULDBLOCK indicates that the packet has been
791  * held pending resolution.
792  * Any other value indicates an error.
793  */
794 int
795 arpresolve(struct ifnet *ifp, struct rtentry *rt, struct mbuf *m,
796     const struct sockaddr *dst, u_char *desten)
797 {
798 	struct llentry *la;
799 	const struct sockaddr_dl *sdl;
800 	const char *create_lookup;
801 	bool renew;
802 	int error;
803 
804 	KASSERT(m != NULL);
805 
806 	la = arplookup(ifp, m, &satocsin(dst)->sin_addr, 0, 0, 0, rt);
807 	if (la == NULL || la->la_rt == NULL)
808 		goto notfound;
809 
810 	rt = la->la_rt;
811 	sdl = satocsdl(rt->rt_gateway);
812 	/*
813 	 * Check the address family and length is valid, the address
814 	 * is resolved; otherwise, try to resolve.
815 	 */
816 	if ((rt->rt_expire == 0 || rt->rt_expire > time_uptime) &&
817 	    sdl->sdl_family == AF_LINK && sdl->sdl_alen != 0) {
818 		memcpy(desten, CLLADDR(sdl),
819 		    min(sdl->sdl_alen, ifp->if_addrlen));
820 		rt->rt_pksent = time_uptime; /* Time for last pkt sent */
821 		LLE_RUNLOCK(la);
822 		return 0;
823 	}
824 
825 	/*
826 	 * Re-send the ARP request when appropriate.
827 	 */
828 #ifdef	DIAGNOSTIC
829 	if (rt->rt_expire == 0) {
830 		/* This should never happen. (Should it? -gwr) */
831 		printf("arpresolve: unresolved and rt_expire == 0\n");
832 		/* Set expiration time to now (expired). */
833 		rt->rt_expire = time_uptime;
834 	}
835 #endif
836 
837 notfound:
838 #ifdef IFF_STATICARP /* FreeBSD */
839 #define _IFF_NOARP (IFF_NOARP | IFF_STATICARP)
840 #else
841 #define _IFF_NOARP IFF_NOARP
842 #endif
843 	if (ifp->if_flags & _IFF_NOARP) {
844 		if (la != NULL)
845 			LLE_RUNLOCK(la);
846 		error = ENOTSUP;
847 		goto bad;
848 	}
849 #undef _IFF_NOARP
850 	if (la == NULL) {
851 		create_lookup = "create";
852 		IF_AFDATA_WLOCK(ifp);
853 		la = lla_create(LLTABLE(ifp), LLE_EXCLUSIVE, dst);
854 		IF_AFDATA_WUNLOCK(ifp);
855 		if (la == NULL)
856 			ARP_STATINC(ARP_STAT_ALLOCFAIL);
857 	} else if (LLE_TRY_UPGRADE(la) == 0) {
858 		create_lookup = "lookup";
859 		LLE_RUNLOCK(la);
860 		IF_AFDATA_RLOCK(ifp);
861 		la = lla_lookup(LLTABLE(ifp), LLE_EXCLUSIVE, dst);
862 		IF_AFDATA_RUNLOCK(ifp);
863 	}
864 
865 	error = EINVAL;
866 	if (la == NULL) {
867 		log(LOG_DEBUG,
868 		    "%s: failed to %s llentry for %s on %s\n",
869 		    __func__, create_lookup, inet_ntoa(satocsin(dst)->sin_addr),
870 		    ifp->if_xname);
871 		goto bad;
872 	}
873 
874 	/* Just in case */
875 	if (la->la_rt == NULL) {
876 		LLE_WUNLOCK(la);
877 		log(LOG_DEBUG,
878 		    "%s: valid llentry has no rtentry for %s on %s\n",
879 		    __func__, inet_ntoa(satocsin(dst)->sin_addr),
880 		    ifp->if_xname);
881 		goto bad;
882 	}
883 	rt = la->la_rt;
884 
885 	if ((la->la_flags & LLE_VALID) &&
886 	    ((la->la_flags & LLE_STATIC) || la->la_expire > time_uptime))
887 	{
888 		sdl = satocsdl(rt->rt_gateway);
889 		memcpy(desten, CLLADDR(sdl),
890 		    min(sdl->sdl_alen, ifp->if_addrlen));
891 		renew = false;
892 		/*
893 		 * If entry has an expiry time and it is approaching,
894 		 * see if we need to send an ARP request within this
895 		 * arpt_down interval.
896 		 */
897 		if (!(la->la_flags & LLE_STATIC) &&
898 		    time_uptime + la->la_preempt > la->la_expire)
899 		{
900 			renew = true;
901 			la->la_preempt--;
902 		}
903 
904 		LLE_WUNLOCK(la);
905 
906 		if (renew) {
907 			const u_int8_t *enaddr =
908 #if NCARP > 0
909 			    (rt->rt_ifp->if_type == IFT_CARP) ?
910 			    CLLADDR(rt->rt_ifp->if_sadl):
911 #endif
912 			    CLLADDR(ifp->if_sadl);
913 			arprequest(ifp,
914 			    &satocsin(rt->rt_ifa->ifa_addr)->sin_addr,
915 			    &satocsin(dst)->sin_addr, enaddr);
916 		}
917 
918 		return 0;
919 	}
920 
921 	if (la->la_flags & LLE_STATIC) {   /* should not happen! */
922 		LLE_RUNLOCK(la);
923 		log(LOG_DEBUG, "arpresolve: ouch, empty static llinfo for %s\n",
924 		    inet_ntoa(satocsin(dst)->sin_addr));
925 		error = EINVAL;
926 		goto bad;
927 	}
928 
929 	renew = (la->la_asked == 0 || la->la_expire != time_uptime);
930 
931 	/*
932 	 * There is an arptab entry, but no ethernet address
933 	 * response yet.  Add the mbuf to the list, dropping
934 	 * the oldest packet if we have exceeded the system
935 	 * setting.
936 	 */
937 	LLE_WLOCK_ASSERT(la);
938 	if (la->la_numheld >= arp_maxhold) {
939 		if (la->la_hold != NULL) {
940 			struct mbuf *next = la->la_hold->m_nextpkt;
941 			m_freem(la->la_hold);
942 			la->la_hold = next;
943 			la->la_numheld--;
944 			ARP_STATINC(ARP_STAT_DFRDROPPED);
945 		}
946 	}
947 	if (la->la_hold != NULL) {
948 		struct mbuf *curr = la->la_hold;
949 		while (curr->m_nextpkt != NULL)
950 			curr = curr->m_nextpkt;
951 		curr->m_nextpkt = m;
952 	} else
953 		la->la_hold = m;
954 	la->la_numheld++;
955 	if (!renew)
956 		LLE_DOWNGRADE(la);
957 
958 	/*
959 	 * Return EWOULDBLOCK if we have tried less than arp_maxtries. It
960 	 * will be masked by ether_output(). Return EHOSTDOWN/EHOSTUNREACH
961 	 * if we have already sent arp_maxtries ARP requests. Retransmit the
962 	 * ARP request, but not faster than one request per second.
963 	 */
964 	if (la->la_asked < arp_maxtries)
965 		error = EWOULDBLOCK;	/* First request. */
966 	else
967 		error = (rt->rt_flags & RTF_GATEWAY) ?
968 		    EHOSTUNREACH : EHOSTDOWN;
969 
970 	if (renew) {
971 		const u_int8_t *enaddr =
972 #if NCARP > 0
973 		    (rt->rt_ifp->if_type == IFT_CARP) ?
974 		    CLLADDR(rt->rt_ifp->if_sadl):
975 #endif
976 		    CLLADDR(ifp->if_sadl);
977 		LLE_ADDREF(la);
978 		la->la_expire = time_uptime;
979 		callout_reset(&la->la_timer, hz * arpt_down,
980 		    arptimer, la);
981 		la->la_asked++;
982 		LLE_WUNLOCK(la);
983 
984 		arprequest(ifp, &satocsin(rt->rt_ifa->ifa_addr)->sin_addr,
985 		    &satocsin(dst)->sin_addr, enaddr);
986 		return error;
987 	}
988 
989 	LLE_RUNLOCK(la);
990 	return error;
991 
992 bad:
993 	m_freem(m);
994 	if (rt != NULL && (rt->rt_flags & RTF_CLONED) != 0) {
995 		rtrequest(RTM_DELETE, rt_getkey(rt),
996 		    rt->rt_gateway, rt_mask(rt), rt->rt_flags, NULL);
997 	}
998 	return error;
999 }
1000 
1001 /*
1002  * Common length and type checks are done here,
1003  * then the protocol-specific routine is called.
1004  */
1005 void
1006 arpintr(void)
1007 {
1008 	struct mbuf *m;
1009 	struct arphdr *ar;
1010 	int s;
1011 	int arplen;
1012 
1013 	mutex_enter(softnet_lock);
1014 	KERNEL_LOCK(1, NULL);
1015 	while (arpintrq.ifq_head) {
1016 		s = splnet();
1017 		IF_DEQUEUE(&arpintrq, m);
1018 		splx(s);
1019 		if (m == NULL || (m->m_flags & M_PKTHDR) == 0)
1020 			panic("arpintr");
1021 
1022 		MCLAIM(m, &arpdomain.dom_mowner);
1023 		ARP_STATINC(ARP_STAT_RCVTOTAL);
1024 
1025 		/*
1026 		 * First, make sure we have at least struct arphdr.
1027 		 */
1028 		if (m->m_len < sizeof(struct arphdr) ||
1029 		    (ar = mtod(m, struct arphdr *)) == NULL)
1030 			goto badlen;
1031 
1032 		switch (m->m_pkthdr.rcvif->if_type) {
1033 		case IFT_IEEE1394:
1034 			arplen = sizeof(struct arphdr) +
1035 			    ar->ar_hln + 2 * ar->ar_pln;
1036 			break;
1037 		default:
1038 			arplen = sizeof(struct arphdr) +
1039 			    2 * ar->ar_hln + 2 * ar->ar_pln;
1040 			break;
1041 		}
1042 
1043 		if (/* XXX ntohs(ar->ar_hrd) == ARPHRD_ETHER && */
1044 		    m->m_len >= arplen)
1045 			switch (ntohs(ar->ar_pro)) {
1046 			case ETHERTYPE_IP:
1047 			case ETHERTYPE_IPTRAILERS:
1048 				in_arpinput(m);
1049 				continue;
1050 			default:
1051 				ARP_STATINC(ARP_STAT_RCVBADPROTO);
1052 			}
1053 		else {
1054 badlen:
1055 			ARP_STATINC(ARP_STAT_RCVBADLEN);
1056 		}
1057 		m_freem(m);
1058 	}
1059 	KERNEL_UNLOCK_ONE(NULL);
1060 	mutex_exit(softnet_lock);
1061 }
1062 
1063 /*
1064  * ARP for Internet protocols on 10 Mb/s Ethernet.
1065  * Algorithm is that given in RFC 826.
1066  * In addition, a sanity check is performed on the sender
1067  * protocol address, to catch impersonators.
1068  * We no longer handle negotiations for use of trailer protocol:
1069  * Formerly, ARP replied for protocol type ETHERTYPE_TRAIL sent
1070  * along with IP replies if we wanted trailers sent to us,
1071  * and also sent them in response to IP replies.
1072  * This allowed either end to announce the desire to receive
1073  * trailer packets.
1074  * We no longer reply to requests for ETHERTYPE_TRAIL protocol either,
1075  * but formerly didn't normally send requests.
1076  */
1077 static void
1078 in_arpinput(struct mbuf *m)
1079 {
1080 	struct arphdr *ah;
1081 	struct ifnet *ifp = m->m_pkthdr.rcvif;
1082 	struct llentry *la = NULL;
1083 	struct rtentry  *rt = NULL;
1084 	struct in_ifaddr *ia;
1085 #if NBRIDGE > 0
1086 	struct in_ifaddr *bridge_ia = NULL;
1087 #endif
1088 #if NCARP > 0
1089 	u_int32_t count = 0, index = 0;
1090 #endif
1091 	struct sockaddr_dl *sdl = NULL;
1092 	struct sockaddr sa;
1093 	struct in_addr isaddr, itaddr, myaddr;
1094 	int op;
1095 	void *tha;
1096 	uint64_t *arps;
1097 
1098 	if (__predict_false(m_makewritable(&m, 0, m->m_pkthdr.len, M_DONTWAIT)))
1099 		goto out;
1100 	ah = mtod(m, struct arphdr *);
1101 	op = ntohs(ah->ar_op);
1102 
1103 	/*
1104 	 * Fix up ah->ar_hrd if necessary, before using ar_tha() or
1105 	 * ar_tpa().
1106 	 */
1107 	switch (ifp->if_type) {
1108 	case IFT_IEEE1394:
1109 		if (ntohs(ah->ar_hrd) == ARPHRD_IEEE1394)
1110 			;
1111 		else {
1112 			/* XXX this is to make sure we compute ar_tha right */
1113 			/* XXX check ar_hrd more strictly? */
1114 			ah->ar_hrd = htons(ARPHRD_IEEE1394);
1115 		}
1116 		break;
1117 	default:
1118 		/* XXX check ar_hrd? */
1119 		break;
1120 	}
1121 
1122 	memcpy(&isaddr, ar_spa(ah), sizeof (isaddr));
1123 	memcpy(&itaddr, ar_tpa(ah), sizeof (itaddr));
1124 
1125 	if (m->m_flags & (M_BCAST|M_MCAST))
1126 		ARP_STATINC(ARP_STAT_RCVMCAST);
1127 
1128 
1129 	/*
1130 	 * Search for a matching interface address
1131 	 * or any address on the interface to use
1132 	 * as a dummy address in the rest of this function
1133 	 */
1134 
1135 	INADDR_TO_IA(itaddr, ia);
1136 	while (ia != NULL) {
1137 #if NCARP > 0
1138 		if (ia->ia_ifp->if_type == IFT_CARP &&
1139 		    ((ia->ia_ifp->if_flags & (IFF_UP|IFF_RUNNING)) ==
1140 		    (IFF_UP|IFF_RUNNING))) {
1141 			index++;
1142 			if (ia->ia_ifp == m->m_pkthdr.rcvif &&
1143 			    carp_iamatch(ia, ar_sha(ah),
1144 			    &count, index)) {
1145 				break;
1146 				}
1147 		} else
1148 #endif
1149 			    if (ia->ia_ifp == m->m_pkthdr.rcvif)
1150 				break;
1151 #if NBRIDGE > 0
1152 		/*
1153 		 * If the interface we received the packet on
1154 		 * is part of a bridge, check to see if we need
1155 		 * to "bridge" the packet to ourselves at this
1156 		 * layer.  Note we still prefer a perfect match,
1157 		 * but allow this weaker match if necessary.
1158 		 */
1159 		if (m->m_pkthdr.rcvif->if_bridge != NULL &&
1160 		    m->m_pkthdr.rcvif->if_bridge == ia->ia_ifp->if_bridge)
1161 			bridge_ia = ia;
1162 #endif /* NBRIDGE > 0 */
1163 
1164 		NEXT_IA_WITH_SAME_ADDR(ia);
1165 	}
1166 
1167 #if NBRIDGE > 0
1168 	if (ia == NULL && bridge_ia != NULL) {
1169 		ia = bridge_ia;
1170 		ifp = bridge_ia->ia_ifp;
1171 	}
1172 #endif
1173 
1174 	if (ia == NULL) {
1175 		INADDR_TO_IA(isaddr, ia);
1176 		while ((ia != NULL) && ia->ia_ifp != m->m_pkthdr.rcvif)
1177 			NEXT_IA_WITH_SAME_ADDR(ia);
1178 
1179 		if (ia == NULL) {
1180 			IFP_TO_IA(ifp, ia);
1181 			if (ia == NULL) {
1182 				ARP_STATINC(ARP_STAT_RCVNOINT);
1183 				goto out;
1184 			}
1185 		}
1186 	}
1187 
1188 	myaddr = ia->ia_addr.sin_addr;
1189 
1190 	/* XXX checks for bridge case? */
1191 	if (!memcmp(ar_sha(ah), CLLADDR(ifp->if_sadl), ifp->if_addrlen)) {
1192 		ARP_STATINC(ARP_STAT_RCVLOCALSHA);
1193 		goto out;	/* it's from me, ignore it. */
1194 	}
1195 
1196 	/* XXX checks for bridge case? */
1197 	if (!memcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen)) {
1198 		ARP_STATINC(ARP_STAT_RCVBCASTSHA);
1199 		log(LOG_ERR,
1200 		    "%s: arp: link address is broadcast for IP address %s!\n",
1201 		    ifp->if_xname, in_fmtaddr(isaddr));
1202 		goto out;
1203 	}
1204 
1205 	/*
1206 	 * If the source IP address is zero, this is an RFC 5227 ARP probe
1207 	 */
1208 	if (in_nullhost(isaddr))
1209 		ARP_STATINC(ARP_STAT_RCVZEROSPA);
1210 	else if (in_hosteq(isaddr, myaddr))
1211 		ARP_STATINC(ARP_STAT_RCVLOCALSPA);
1212 
1213 	if (in_nullhost(itaddr))
1214 		ARP_STATINC(ARP_STAT_RCVZEROTPA);
1215 
1216 	/* DAD check, RFC 5227 2.1.1, Probe Details */
1217 	if (in_hosteq(isaddr, myaddr) ||
1218 	    (in_nullhost(isaddr) && in_hosteq(itaddr, myaddr)))
1219 	{
1220 		/* If our address is tentative, mark it as duplicated */
1221 		if (ia->ia4_flags & IN_IFF_TENTATIVE)
1222 			arp_dad_duplicated((struct ifaddr *)ia);
1223 		/* If our address is unuseable, don't reply */
1224 		if (ia->ia4_flags & (IN_IFF_NOTREADY | IN_IFF_DETACHED))
1225 			goto out;
1226 	}
1227 
1228 	/*
1229 	 * If the target IP address is zero, ignore the packet.
1230 	 * This prevents the code below from tring to answer
1231 	 * when we are using IP address zero (booting).
1232 	 */
1233 	if (in_nullhost(itaddr))
1234 		goto out;
1235 
1236 	if (in_nullhost(isaddr))
1237 		goto reply;
1238 
1239 	if (in_hosteq(isaddr, myaddr)) {
1240 		log(LOG_ERR,
1241 		   "duplicate IP address %s sent from link address %s\n",
1242 		   in_fmtaddr(isaddr), lla_snprintf(ar_sha(ah), ah->ar_hln));
1243 		itaddr = myaddr;
1244 		goto reply;
1245 	}
1246 
1247 	la = arplookup(ifp, m, &isaddr, in_hosteq(itaddr, myaddr), 0, 1, NULL);
1248 	if (la != NULL) {
1249 		rt = la->la_rt;
1250 		if (rt != NULL)
1251 			sdl = satosdl(rt->rt_gateway);
1252 	}
1253 	if (sdl != NULL) {
1254 		if (sdl->sdl_alen &&
1255 		    memcmp(ar_sha(ah), CLLADDR(sdl), sdl->sdl_alen)) {
1256 			if (rt->rt_flags & RTF_STATIC) {
1257 				ARP_STATINC(ARP_STAT_RCVOVERPERM);
1258 				if (!log_permanent_modify)
1259 					goto out;
1260 				log(LOG_INFO,
1261 				    "%s tried to overwrite permanent arp info"
1262 				    " for %s\n",
1263 				    lla_snprintf(ar_sha(ah), ah->ar_hln),
1264 				    in_fmtaddr(isaddr));
1265 				goto out;
1266 			} else if (rt->rt_ifp != ifp) {
1267 				ARP_STATINC(ARP_STAT_RCVOVERINT);
1268 				if (!log_wrong_iface)
1269 					goto out;
1270 				log(LOG_INFO,
1271 				    "%s on %s tried to overwrite "
1272 				    "arp info for %s on %s\n",
1273 				    lla_snprintf(ar_sha(ah), ah->ar_hln),
1274 				    ifp->if_xname, in_fmtaddr(isaddr),
1275 				    rt->rt_ifp->if_xname);
1276 				    goto out;
1277 			} else {
1278 				ARP_STATINC(ARP_STAT_RCVOVER);
1279 				if (log_movements)
1280 					log(LOG_INFO, "arp info overwritten "
1281 					    "for %s by %s\n",
1282 					    in_fmtaddr(isaddr),
1283 					    lla_snprintf(ar_sha(ah),
1284 					    ah->ar_hln));
1285 			}
1286 		}
1287 		/*
1288 		 * sanity check for the address length.
1289 		 * XXX this does not work for protocols with variable address
1290 		 * length. -is
1291 		 */
1292 		if (sdl->sdl_alen &&
1293 		    sdl->sdl_alen != ah->ar_hln) {
1294 			ARP_STATINC(ARP_STAT_RCVLENCHG);
1295 			log(LOG_WARNING,
1296 			    "arp from %s: new addr len %d, was %d\n",
1297 			    in_fmtaddr(isaddr), ah->ar_hln, sdl->sdl_alen);
1298 		}
1299 		if (ifp->if_addrlen != ah->ar_hln) {
1300 			ARP_STATINC(ARP_STAT_RCVBADLEN);
1301 			log(LOG_WARNING,
1302 			    "arp from %s: addr len: new %d, i/f %d (ignored)\n",
1303 			    in_fmtaddr(isaddr), ah->ar_hln,
1304 			    ifp->if_addrlen);
1305 			goto reply;
1306 		}
1307 #if NTOKEN > 0
1308 		/*
1309 		 * XXX uses m_data and assumes the complete answer including
1310 		 * XXX token-ring headers is in the same buf
1311 		 */
1312 		if (ifp->if_type == IFT_ISO88025) {
1313 			struct token_header *trh;
1314 
1315 			trh = (struct token_header *)M_TRHSTART(m);
1316 			if (trh->token_shost[0] & TOKEN_RI_PRESENT) {
1317 				struct token_rif	*rif;
1318 				size_t	riflen;
1319 
1320 				rif = TOKEN_RIF(trh);
1321 				riflen = (ntohs(rif->tr_rcf) &
1322 				    TOKEN_RCF_LEN_MASK) >> 8;
1323 
1324 				if (riflen > 2 &&
1325 				    riflen < sizeof(struct token_rif) &&
1326 				    (riflen & 1) == 0) {
1327 					rif->tr_rcf ^= htons(TOKEN_RCF_DIRECTION);
1328 					rif->tr_rcf &= htons(~TOKEN_RCF_BROADCAST_MASK);
1329 					memcpy(TOKEN_RIF(la), rif, riflen);
1330 				}
1331 			}
1332 		}
1333 #endif /* NTOKEN > 0 */
1334 		(void)sockaddr_dl_setaddr(sdl, sdl->sdl_len, ar_sha(ah),
1335 		    ah->ar_hln);
1336 		if (rt->rt_expire) {
1337 			rt->rt_expire = time_uptime + arpt_keep;
1338 
1339 			KASSERT((la->la_flags & LLE_STATIC) == 0);
1340 			LLE_ADDREF(la);
1341 			callout_reset(&la->la_timer, hz * arpt_keep, arptimer, la);
1342 		}
1343 		rt->rt_flags &= ~RTF_REJECT;
1344 		la->la_asked = 0;
1345 
1346 		if (la->la_hold != NULL) {
1347 			int n = la->la_numheld;
1348 			struct mbuf *m_hold, *m_hold_next;
1349 
1350 			m_hold = la->la_hold;
1351 			la->la_hold = NULL;
1352 			la->la_numheld = 0;
1353 			/*
1354 			 * We have to unlock here because if_output would call
1355 			 * arpresolve
1356 			 */
1357 			LLE_WUNLOCK(la);
1358 			ARP_STATADD(ARP_STAT_DFRSENT, n);
1359 			for (; m_hold != NULL; m_hold = m_hold_next) {
1360 				m_hold_next = m_hold->m_nextpkt;
1361 				m_hold->m_nextpkt = NULL;
1362 				(*ifp->if_output)(ifp, m_hold, rt_getkey(rt), rt);
1363 			}
1364 		} else
1365 			LLE_WUNLOCK(la);
1366 		la = NULL;
1367 	}
1368 reply:
1369 	if (la != NULL) {
1370 		LLE_WUNLOCK(la);
1371 		la = NULL;
1372 	}
1373 	if (op != ARPOP_REQUEST) {
1374 		if (op == ARPOP_REPLY)
1375 			ARP_STATINC(ARP_STAT_RCVREPLY);
1376 		goto out;
1377 	}
1378 	ARP_STATINC(ARP_STAT_RCVREQUEST);
1379 	if (in_hosteq(itaddr, myaddr)) {
1380 		/* If our address is unuseable, don't reply */
1381 		if (ia->ia4_flags & (IN_IFF_NOTREADY | IN_IFF_DETACHED))
1382 			goto out;
1383 		/* I am the target */
1384 		tha = ar_tha(ah);
1385 		if (tha)
1386 			memcpy(tha, ar_sha(ah), ah->ar_hln);
1387 		memcpy(ar_sha(ah), CLLADDR(ifp->if_sadl), ah->ar_hln);
1388 	} else {
1389 		la = arplookup(ifp, m, &itaddr, 0, SIN_PROXY, 0, NULL);
1390 		if (la == NULL)
1391 			goto out;
1392 		rt = la->la_rt;
1393 		LLE_RUNLOCK(la);
1394 		la = NULL;
1395 		if (rt->rt_ifp->if_type == IFT_CARP &&
1396 		    m->m_pkthdr.rcvif->if_type != IFT_CARP)
1397 			goto out;
1398 		tha = ar_tha(ah);
1399 		if (tha)
1400 			memcpy(tha, ar_sha(ah), ah->ar_hln);
1401 		sdl = satosdl(rt->rt_gateway);
1402 		memcpy(ar_sha(ah), CLLADDR(sdl), ah->ar_hln);
1403 	}
1404 
1405 	memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln);
1406 	memcpy(ar_spa(ah), &itaddr, ah->ar_pln);
1407 	ah->ar_op = htons(ARPOP_REPLY);
1408 	ah->ar_pro = htons(ETHERTYPE_IP); /* let's be sure! */
1409 	switch (ifp->if_type) {
1410 	case IFT_IEEE1394:
1411 		/*
1412 		 * ieee1394 arp reply is broadcast
1413 		 */
1414 		m->m_flags &= ~M_MCAST;
1415 		m->m_flags |= M_BCAST;
1416 		m->m_len = sizeof(*ah) + (2 * ah->ar_pln) + ah->ar_hln;
1417 		break;
1418 
1419 	default:
1420 		m->m_flags &= ~(M_BCAST|M_MCAST); /* never reply by broadcast */
1421 		m->m_len = sizeof(*ah) + (2 * ah->ar_pln) + (2 * ah->ar_hln);
1422 		break;
1423 	}
1424 	m->m_pkthdr.len = m->m_len;
1425 	sa.sa_family = AF_ARP;
1426 	sa.sa_len = 2;
1427 	arps = ARP_STAT_GETREF();
1428 	arps[ARP_STAT_SNDTOTAL]++;
1429 	arps[ARP_STAT_SNDREPLY]++;
1430 	ARP_STAT_PUTREF();
1431 	(*ifp->if_output)(ifp, m, &sa, NULL);
1432 	return;
1433 
1434 out:
1435 	if (la != NULL)
1436 		LLE_WUNLOCK(la);
1437 	m_freem(m);
1438 }
1439 
1440 /*
1441  * Free an arp entry.
1442  */
1443 static void arptfree(struct rtentry *rt)
1444 {
1445 
1446 	rtrequest(RTM_DELETE, rt_getkey(rt), NULL, rt_mask(rt), 0, NULL);
1447 	rtfree(rt);
1448 }
1449 
1450 /*
1451  * Lookup or enter a new address in arptab.
1452  */
1453 static struct llentry *
1454 arplookup(struct ifnet *ifp, struct mbuf *m, const struct in_addr *addr,
1455     int create, int proxy, int wlock, struct rtentry *rt0)
1456 {
1457 	struct arphdr *ah;
1458 	struct rtentry *rt;
1459 	struct sockaddr_inarp sin;
1460 	const char *why = NULL;
1461 
1462 	ah = mtod(m, struct arphdr *);
1463 	if (rt0 == NULL) {
1464 		memset(&sin, 0, sizeof(sin));
1465 		sin.sin_len = sizeof(sin);
1466 		sin.sin_family = AF_INET;
1467 		sin.sin_addr = *addr;
1468 		sin.sin_other = proxy ? SIN_PROXY : 0;
1469 		rt = rtalloc1(sintosa(&sin), create);
1470 		if (rt == NULL)
1471 			return NULL;
1472 		rt->rt_refcnt--;
1473 	} else
1474 		rt = rt0;
1475 
1476 #define	IS_LLINFO(__rt)							  \
1477 	(((__rt)->rt_flags & (RTF_GATEWAY | RTF_LLINFO)) == RTF_LLINFO && \
1478 	 (__rt)->rt_gateway->sa_family == AF_LINK)
1479 
1480 
1481 	if (IS_LLINFO(rt)) {
1482 		struct llentry *la;
1483 		int flags = wlock ? LLE_EXCLUSIVE : 0;
1484 
1485 		IF_AFDATA_RLOCK(ifp);
1486 		la = lla_lookup(LLTABLE(ifp), flags, rt_getkey(rt));
1487 		IF_AFDATA_RUNLOCK(ifp);
1488 
1489 		if (la == NULL && create) {
1490 			IF_AFDATA_WLOCK(ifp);
1491 			la = lla_create(LLTABLE(ifp), flags, rt_getkey(rt));
1492 			IF_AFDATA_WUNLOCK(ifp);
1493 		}
1494 
1495 		return la;
1496 	}
1497 
1498 	if (create) {
1499 		if (rt->rt_flags & RTF_GATEWAY) {
1500 			if (log_unknown_network)
1501 				why = "host is not on local network";
1502 		} else if ((rt->rt_flags & RTF_LLINFO) == 0) {
1503 			ARP_STATINC(ARP_STAT_ALLOCFAIL);
1504 			why = "could not allocate llinfo";
1505 		} else
1506 			why = "gateway route is not ours";
1507 		if (why) {
1508 			log(LOG_DEBUG, "arplookup: unable to enter address"
1509 			    " for %s@%s on %s (%s)\n", in_fmtaddr(*addr),
1510 			    lla_snprintf(ar_sha(ah), ah->ar_hln),
1511 			    (ifp) ? ifp->if_xname : "null", why);
1512 		}
1513 		if ((rt->rt_flags & RTF_CLONED) != 0) {
1514 			rtrequest(RTM_DELETE, rt_getkey(rt),
1515 		    	    rt->rt_gateway, rt_mask(rt), rt->rt_flags, NULL);
1516 		}
1517 	}
1518 	return NULL;
1519 }
1520 
1521 int
1522 arpioctl(u_long cmd, void *data)
1523 {
1524 
1525 	return EOPNOTSUPP;
1526 }
1527 
1528 void
1529 arp_ifinit(struct ifnet *ifp, struct ifaddr *ifa)
1530 {
1531 	struct in_addr *ip;
1532 	struct in_ifaddr *ia = (struct in_ifaddr *)ifa;
1533 
1534 	/*
1535 	 * Warn the user if another station has this IP address,
1536 	 * but only if the interface IP address is not zero.
1537 	 */
1538 	ip = &IA_SIN(ifa)->sin_addr;
1539 	if (!in_nullhost(*ip) &&
1540 	    (ia->ia4_flags & (IN_IFF_NOTREADY | IN_IFF_DETACHED)) == 0)
1541 		arprequest(ifp, ip, ip, CLLADDR(ifp->if_sadl));
1542 
1543 	ifa->ifa_rtrequest = arp_rtrequest;
1544 	ifa->ifa_flags |= RTF_CLONING;
1545 
1546 	/* ARP will handle DAD for this address. */
1547 	if (ia->ia4_flags & IN_IFF_TRYTENTATIVE) {
1548 		ia->ia4_flags |= IN_IFF_TENTATIVE;
1549 		ia->ia_dad_start = arp_dad_start;
1550 		ia->ia_dad_stop = arp_dad_stop;
1551 	}
1552 }
1553 
1554 TAILQ_HEAD(dadq_head, dadq);
1555 struct dadq {
1556 	TAILQ_ENTRY(dadq) dad_list;
1557 	struct ifaddr *dad_ifa;
1558 	int dad_count;		/* max ARP to send */
1559 	int dad_arp_tcount;	/* # of trials to send ARP */
1560 	int dad_arp_ocount;	/* ARP sent so far */
1561 	int dad_arp_announce;	/* max ARP announcements */
1562 	int dad_arp_acount;	/* # of announcements */
1563 	struct callout dad_timer_ch;
1564 };
1565 MALLOC_JUSTDEFINE(M_IPARP, "ARP DAD", "ARP DAD Structure");
1566 
1567 static struct dadq_head dadq;
1568 static int dad_init = 0;
1569 static int dad_maxtry = 15;     /* max # of *tries* to transmit DAD packet */
1570 
1571 static struct dadq *
1572 arp_dad_find(struct ifaddr *ifa)
1573 {
1574 	struct dadq *dp;
1575 
1576 	TAILQ_FOREACH(dp, &dadq, dad_list) {
1577 		if (dp->dad_ifa == ifa)
1578 			return dp;
1579 	}
1580 	return NULL;
1581 }
1582 
1583 static void
1584 arp_dad_starttimer(struct dadq *dp, int ticks)
1585 {
1586 
1587 	callout_reset(&dp->dad_timer_ch, ticks,
1588 	    (void (*)(void *))arp_dad_timer, (void *)dp->dad_ifa);
1589 }
1590 
1591 static void
1592 arp_dad_stoptimer(struct dadq *dp)
1593 {
1594 
1595 	callout_stop(&dp->dad_timer_ch);
1596 }
1597 
1598 static void
1599 arp_dad_output(struct dadq *dp, struct ifaddr *ifa)
1600 {
1601 	struct in_ifaddr *ia = (struct in_ifaddr *)ifa;
1602 	struct ifnet *ifp = ifa->ifa_ifp;
1603 	struct in_addr sip;
1604 
1605 	dp->dad_arp_tcount++;
1606 	if ((ifp->if_flags & IFF_UP) == 0)
1607 		return;
1608 	if ((ifp->if_flags & IFF_RUNNING) == 0)
1609 		return;
1610 
1611 	dp->dad_arp_tcount = 0;
1612 	dp->dad_arp_ocount++;
1613 
1614 	memset(&sip, 0, sizeof(sip));
1615 	arprequest(ifa->ifa_ifp, &sip, &ia->ia_addr.sin_addr,
1616 	    CLLADDR(ifa->ifa_ifp->if_sadl));
1617 }
1618 
1619 /*
1620  * Start Duplicate Address Detection (DAD) for specified interface address.
1621  */
1622 static void
1623 arp_dad_start(struct ifaddr *ifa)
1624 {
1625 	struct in_ifaddr *ia = (struct in_ifaddr *)ifa;
1626 	struct dadq *dp;
1627 
1628 	if (!dad_init) {
1629 		TAILQ_INIT(&dadq);
1630 		dad_init++;
1631 	}
1632 
1633 	/*
1634 	 * If we don't need DAD, don't do it.
1635 	 * - DAD is disabled (ip_dad_count == 0)
1636 	 */
1637 	if (!(ia->ia4_flags & IN_IFF_TENTATIVE)) {
1638 		log(LOG_DEBUG,
1639 			"arp_dad_start: called with non-tentative address "
1640 			"%s(%s)\n",
1641 			in_fmtaddr(ia->ia_addr.sin_addr),
1642 			ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1643 		return;
1644 	}
1645 	if (!ip_dad_count) {
1646 		struct in_addr *ip = &IA_SIN(ifa)->sin_addr;
1647 
1648 		ia->ia4_flags &= ~IN_IFF_TENTATIVE;
1649 		rt_newaddrmsg(RTM_NEWADDR, ifa, 0, NULL);
1650 		arprequest(ifa->ifa_ifp, ip, ip,
1651 		    CLLADDR(ifa->ifa_ifp->if_sadl));
1652 		return;
1653 	}
1654 	if (ifa->ifa_ifp == NULL)
1655 		panic("arp_dad_start: ifa->ifa_ifp == NULL");
1656 	if (!(ifa->ifa_ifp->if_flags & IFF_UP))
1657 		return;
1658 	if (arp_dad_find(ifa) != NULL) {
1659 		/* DAD already in progress */
1660 		return;
1661 	}
1662 
1663 	dp = malloc(sizeof(*dp), M_IPARP, M_NOWAIT);
1664 	if (dp == NULL) {
1665 		log(LOG_ERR, "arp_dad_start: memory allocation failed for "
1666 			"%s(%s)\n",
1667 			in_fmtaddr(ia->ia_addr.sin_addr),
1668 			ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1669 		return;
1670 	}
1671 	memset(dp, 0, sizeof(*dp));
1672 	callout_init(&dp->dad_timer_ch, CALLOUT_MPSAFE);
1673 	TAILQ_INSERT_TAIL(&dadq, (struct dadq *)dp, dad_list);
1674 
1675 	arplog((LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp),
1676 	    in_fmtaddr(ia->ia_addr.sin_addr)));
1677 
1678 	/*
1679 	 * Send ARP packet for DAD, ip_dad_count times.
1680 	 * Note that we must delay the first transmission.
1681 	 */
1682 	dp->dad_ifa = ifa;
1683 	ifaref(ifa);	/* just for safety */
1684 	dp->dad_count = ip_dad_count;
1685 	dp->dad_arp_announce = 0; /* Will be set when starting to announce */
1686 	dp->dad_arp_acount = dp->dad_arp_ocount = dp->dad_arp_tcount = 0;
1687 
1688 	arp_dad_starttimer(dp, cprng_fast32() % (PROBE_WAIT * hz));
1689 }
1690 
1691 /*
1692  * terminate DAD unconditionally.  used for address removals.
1693  */
1694 static void
1695 arp_dad_stop(struct ifaddr *ifa)
1696 {
1697 	struct dadq *dp;
1698 
1699 	if (!dad_init)
1700 		return;
1701 	dp = arp_dad_find(ifa);
1702 	if (dp == NULL) {
1703 		/* DAD wasn't started yet */
1704 		return;
1705 	}
1706 
1707 	arp_dad_stoptimer(dp);
1708 
1709 	TAILQ_REMOVE(&dadq, dp, dad_list);
1710 	free(dp, M_IPARP);
1711 	dp = NULL;
1712 	ifafree(ifa);
1713 }
1714 
1715 static void
1716 arp_dad_timer(struct ifaddr *ifa)
1717 {
1718 	struct in_ifaddr *ia = (struct in_ifaddr *)ifa;
1719 	struct dadq *dp;
1720 	struct in_addr *ip;
1721 
1722 	mutex_enter(softnet_lock);
1723 	KERNEL_LOCK(1, NULL);
1724 
1725 	/* Sanity check */
1726 	if (ia == NULL) {
1727 		log(LOG_ERR, "arp_dad_timer: called with null parameter\n");
1728 		goto done;
1729 	}
1730 	dp = arp_dad_find(ifa);
1731 	if (dp == NULL) {
1732 		log(LOG_ERR, "arp_dad_timer: DAD structure not found\n");
1733 		goto done;
1734 	}
1735 	if (ia->ia4_flags & IN_IFF_DUPLICATED) {
1736 		log(LOG_ERR, "nd4_dad_timer: called with duplicate address "
1737 			"%s(%s)\n",
1738 			in_fmtaddr(ia->ia_addr.sin_addr),
1739 			ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1740 		goto done;
1741 	}
1742 	if ((ia->ia4_flags & IN_IFF_TENTATIVE) == 0 && dp->dad_arp_acount == 0){
1743 		log(LOG_ERR, "arp_dad_timer: called with non-tentative address "
1744 			"%s(%s)\n",
1745 			in_fmtaddr(ia->ia_addr.sin_addr),
1746 			ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1747 		goto done;
1748 	}
1749 
1750 	/* timeouted with IFF_{RUNNING,UP} check */
1751 	if (dp->dad_arp_tcount > dad_maxtry) {
1752 		arplog((LOG_INFO, "%s: could not run DAD, driver problem?\n",
1753 			if_name(ifa->ifa_ifp)));
1754 
1755 		TAILQ_REMOVE(&dadq, dp, dad_list);
1756 		free(dp, M_IPARP);
1757 		dp = NULL;
1758 		ifafree(ifa);
1759 		goto done;
1760 	}
1761 
1762 	/* Need more checks? */
1763 	if (dp->dad_arp_ocount < dp->dad_count) {
1764 		int adelay;
1765 
1766 		/*
1767 		 * We have more ARP to go.  Send ARP packet for DAD.
1768 		 */
1769 		arp_dad_output(dp, ifa);
1770 		if (dp->dad_arp_ocount < dp->dad_count)
1771 			adelay = (PROBE_MIN * hz) +
1772 			    (cprng_fast32() %
1773 			    ((PROBE_MAX * hz) - (PROBE_MIN * hz)));
1774 		else
1775 			adelay = ANNOUNCE_WAIT * hz;
1776 		arp_dad_starttimer(dp, adelay);
1777 		goto done;
1778 	} else if (dp->dad_arp_acount == 0) {
1779 		/*
1780 		 * We are done with DAD.
1781 		 * No duplicate address found.
1782 		 */
1783 		ia->ia4_flags &= ~IN_IFF_TENTATIVE;
1784 		rt_newaddrmsg(RTM_NEWADDR, ifa, 0, NULL);
1785 		arplog((LOG_DEBUG,
1786 		    "%s: DAD complete for %s - no duplicates found\n",
1787 		    if_name(ifa->ifa_ifp),
1788 		    in_fmtaddr(ia->ia_addr.sin_addr)));
1789 		dp->dad_arp_announce = ANNOUNCE_NUM;
1790 		goto announce;
1791 	} else if (dp->dad_arp_acount < dp->dad_arp_announce) {
1792 announce:
1793 		/*
1794 		 * Announce the address.
1795 		 */
1796 		ip = &IA_SIN(ifa)->sin_addr;
1797 		arprequest(ifa->ifa_ifp, ip, ip,
1798 		    CLLADDR(ifa->ifa_ifp->if_sadl));
1799 		dp->dad_arp_acount++;
1800 		if (dp->dad_arp_acount < dp->dad_arp_announce) {
1801 			arp_dad_starttimer(dp, ANNOUNCE_INTERVAL * hz);
1802 			goto done;
1803 		}
1804 		arplog((LOG_DEBUG,
1805 		    "%s: ARP announcement complete for %s\n",
1806 		    if_name(ifa->ifa_ifp),
1807 		    in_fmtaddr(ia->ia_addr.sin_addr)));
1808 	}
1809 
1810 	TAILQ_REMOVE(&dadq, dp, dad_list);
1811 	free(dp, M_IPARP);
1812 	dp = NULL;
1813 	ifafree(ifa);
1814 
1815 done:
1816 	KERNEL_UNLOCK_ONE(NULL);
1817 	mutex_exit(softnet_lock);
1818 }
1819 
1820 static void
1821 arp_dad_duplicated(struct ifaddr *ifa)
1822 {
1823 	struct in_ifaddr *ia = (struct in_ifaddr *)ifa;
1824 	struct ifnet *ifp;
1825 	struct dadq *dp;
1826 
1827 	dp = arp_dad_find(ifa);
1828 	if (dp == NULL) {
1829 		log(LOG_ERR, "arp_dad_duplicated: DAD structure not found\n");
1830 		return;
1831 	}
1832 
1833 	ifp = ifa->ifa_ifp;
1834 	log(LOG_ERR, "%s: DAD detected duplicate IPv4 address %s: "
1835 	    "ARP out=%d\n",
1836 	    if_name(ifp), in_fmtaddr(ia->ia_addr.sin_addr),
1837 	    dp->dad_arp_ocount);
1838 
1839 	ia->ia4_flags &= ~IN_IFF_TENTATIVE;
1840 	ia->ia4_flags |= IN_IFF_DUPLICATED;
1841 
1842 	/* We are done with DAD, with duplicated address found. (failure) */
1843 	arp_dad_stoptimer(dp);
1844 
1845 	/* Inform the routing socket that DAD has completed */
1846 	rt_newaddrmsg(RTM_NEWADDR, ifa, 0, NULL);
1847 
1848 	TAILQ_REMOVE(&dadq, dp, dad_list);
1849 	free(dp, M_IPARP);
1850 	dp = NULL;
1851 	ifafree(ifa);
1852 }
1853 
1854 /*
1855  * Called from 10 Mb/s Ethernet interrupt handlers
1856  * when ether packet type ETHERTYPE_REVARP
1857  * is received.  Common length and type checks are done here,
1858  * then the protocol-specific routine is called.
1859  */
1860 void
1861 revarpinput(struct mbuf *m)
1862 {
1863 	struct arphdr *ar;
1864 
1865 	if (m->m_len < sizeof(struct arphdr))
1866 		goto out;
1867 	ar = mtod(m, struct arphdr *);
1868 #if 0 /* XXX I don't think we need this... and it will prevent other LL */
1869 	if (ntohs(ar->ar_hrd) != ARPHRD_ETHER)
1870 		goto out;
1871 #endif
1872 	if (m->m_len < sizeof(struct arphdr) + 2 * (ar->ar_hln + ar->ar_pln))
1873 		goto out;
1874 	switch (ntohs(ar->ar_pro)) {
1875 	case ETHERTYPE_IP:
1876 	case ETHERTYPE_IPTRAILERS:
1877 		in_revarpinput(m);
1878 		return;
1879 
1880 	default:
1881 		break;
1882 	}
1883 out:
1884 	m_freem(m);
1885 }
1886 
1887 /*
1888  * RARP for Internet protocols on 10 Mb/s Ethernet.
1889  * Algorithm is that given in RFC 903.
1890  * We are only using for bootstrap purposes to get an ip address for one of
1891  * our interfaces.  Thus we support no user-interface.
1892  *
1893  * Since the contents of the RARP reply are specific to the interface that
1894  * sent the request, this code must ensure that they are properly associated.
1895  *
1896  * Note: also supports ARP via RARP packets, per the RFC.
1897  */
1898 void
1899 in_revarpinput(struct mbuf *m)
1900 {
1901 	struct ifnet *ifp;
1902 	struct arphdr *ah;
1903 	void *tha;
1904 	int op;
1905 
1906 	ah = mtod(m, struct arphdr *);
1907 	op = ntohs(ah->ar_op);
1908 
1909 	switch (m->m_pkthdr.rcvif->if_type) {
1910 	case IFT_IEEE1394:
1911 		/* ARP without target hardware address is not supported */
1912 		goto out;
1913 	default:
1914 		break;
1915 	}
1916 
1917 	switch (op) {
1918 	case ARPOP_REQUEST:
1919 	case ARPOP_REPLY:	/* per RFC */
1920 		in_arpinput(m);
1921 		return;
1922 	case ARPOP_REVREPLY:
1923 		break;
1924 	case ARPOP_REVREQUEST:	/* handled by rarpd(8) */
1925 	default:
1926 		goto out;
1927 	}
1928 	if (!revarp_in_progress)
1929 		goto out;
1930 	ifp = m->m_pkthdr.rcvif;
1931 	if (ifp != myip_ifp) /* !same interface */
1932 		goto out;
1933 	if (myip_initialized)
1934 		goto wake;
1935 	tha = ar_tha(ah);
1936 	if (tha == NULL)
1937 		goto out;
1938 	if (memcmp(tha, CLLADDR(ifp->if_sadl), ifp->if_sadl->sdl_alen))
1939 		goto out;
1940 	memcpy(&srv_ip, ar_spa(ah), sizeof(srv_ip));
1941 	memcpy(&myip, ar_tpa(ah), sizeof(myip));
1942 	myip_initialized = 1;
1943 wake:	/* Do wakeup every time in case it was missed. */
1944 	wakeup((void *)&myip);
1945 
1946 out:
1947 	m_freem(m);
1948 }
1949 
1950 /*
1951  * Send a RARP request for the ip address of the specified interface.
1952  * The request should be RFC 903-compliant.
1953  */
1954 void
1955 revarprequest(struct ifnet *ifp)
1956 {
1957 	struct sockaddr sa;
1958 	struct mbuf *m;
1959 	struct arphdr *ah;
1960 	void *tha;
1961 
1962 	if ((m = m_gethdr(M_DONTWAIT, MT_DATA)) == NULL)
1963 		return;
1964 	MCLAIM(m, &arpdomain.dom_mowner);
1965 	m->m_len = sizeof(*ah) + 2*sizeof(struct in_addr) +
1966 	    2*ifp->if_addrlen;
1967 	m->m_pkthdr.len = m->m_len;
1968 	MH_ALIGN(m, m->m_len);
1969 	ah = mtod(m, struct arphdr *);
1970 	memset(ah, 0, m->m_len);
1971 	ah->ar_pro = htons(ETHERTYPE_IP);
1972 	ah->ar_hln = ifp->if_addrlen;		/* hardware address length */
1973 	ah->ar_pln = sizeof(struct in_addr);	/* protocol address length */
1974 	ah->ar_op = htons(ARPOP_REVREQUEST);
1975 
1976 	memcpy(ar_sha(ah), CLLADDR(ifp->if_sadl), ah->ar_hln);
1977 	tha = ar_tha(ah);
1978 	if (tha == NULL) {
1979 		m_free(m);
1980 		return;
1981 	}
1982 	memcpy(tha, CLLADDR(ifp->if_sadl), ah->ar_hln);
1983 
1984 	sa.sa_family = AF_ARP;
1985 	sa.sa_len = 2;
1986 	m->m_flags |= M_BCAST;
1987 
1988 	KERNEL_LOCK(1, NULL);
1989 	(*ifp->if_output)(ifp, m, &sa, NULL);
1990 	KERNEL_UNLOCK_ONE(NULL);
1991 }
1992 
1993 /*
1994  * RARP for the ip address of the specified interface, but also
1995  * save the ip address of the server that sent the answer.
1996  * Timeout if no response is received.
1997  */
1998 int
1999 revarpwhoarewe(struct ifnet *ifp, struct in_addr *serv_in,
2000     struct in_addr *clnt_in)
2001 {
2002 	int result, count = 20;
2003 
2004 	myip_initialized = 0;
2005 	myip_ifp = ifp;
2006 
2007 	revarp_in_progress = 1;
2008 	while (count--) {
2009 		revarprequest(ifp);
2010 		result = tsleep((void *)&myip, PSOCK, "revarp", hz/2);
2011 		if (result != EWOULDBLOCK)
2012 			break;
2013 	}
2014 	revarp_in_progress = 0;
2015 
2016 	if (!myip_initialized)
2017 		return ENETUNREACH;
2018 
2019 	memcpy(serv_in, &srv_ip, sizeof(*serv_in));
2020 	memcpy(clnt_in, &myip, sizeof(*clnt_in));
2021 	return 0;
2022 }
2023 
2024 
2025 
2026 #ifdef DDB
2027 
2028 #include <machine/db_machdep.h>
2029 #include <ddb/db_interface.h>
2030 #include <ddb/db_output.h>
2031 
2032 static void
2033 db_print_sa(const struct sockaddr *sa)
2034 {
2035 	int len;
2036 	const u_char *p;
2037 
2038 	if (sa == NULL) {
2039 		db_printf("[NULL]");
2040 		return;
2041 	}
2042 
2043 	p = (const u_char *)sa;
2044 	len = sa->sa_len;
2045 	db_printf("[");
2046 	while (len > 0) {
2047 		db_printf("%d", *p);
2048 		p++; len--;
2049 		if (len) db_printf(",");
2050 	}
2051 	db_printf("]\n");
2052 }
2053 
2054 static void
2055 db_print_ifa(struct ifaddr *ifa)
2056 {
2057 	if (ifa == NULL)
2058 		return;
2059 	db_printf("  ifa_addr=");
2060 	db_print_sa(ifa->ifa_addr);
2061 	db_printf("  ifa_dsta=");
2062 	db_print_sa(ifa->ifa_dstaddr);
2063 	db_printf("  ifa_mask=");
2064 	db_print_sa(ifa->ifa_netmask);
2065 	db_printf("  flags=0x%x,refcnt=%d,metric=%d\n",
2066 			  ifa->ifa_flags,
2067 			  ifa->ifa_refcnt,
2068 			  ifa->ifa_metric);
2069 }
2070 
2071 static void
2072 db_print_llinfo(void *li)
2073 {
2074 	struct llinfo_arp *la;
2075 
2076 	if (li == NULL)
2077 		return;
2078 	la = (struct llinfo_arp *)li;
2079 	db_printf("  la_rt=%p la_hold=%p, la_asked=0x%lx\n",
2080 			  la->la_rt, la->la_hold, la->la_asked);
2081 }
2082 
2083 /*
2084  * Function to pass to rt_walktree().
2085  * Return non-zero error to abort walk.
2086  */
2087 static int
2088 db_show_rtentry(struct rtentry *rt, void *w)
2089 {
2090 	db_printf("rtentry=%p", rt);
2091 
2092 	db_printf(" flags=0x%x refcnt=%d use=%"PRId64" expire=%"PRId64"\n",
2093 			  rt->rt_flags, rt->rt_refcnt,
2094 			  rt->rt_use, (uint64_t)rt->rt_expire);
2095 
2096 	db_printf(" key="); db_print_sa(rt_getkey(rt));
2097 	db_printf(" mask="); db_print_sa(rt_mask(rt));
2098 	db_printf(" gw="); db_print_sa(rt->rt_gateway);
2099 
2100 	db_printf(" ifp=%p ", rt->rt_ifp);
2101 	if (rt->rt_ifp)
2102 		db_printf("(%s)", rt->rt_ifp->if_xname);
2103 	else
2104 		db_printf("(NULL)");
2105 
2106 	db_printf(" ifa=%p\n", rt->rt_ifa);
2107 	db_print_ifa(rt->rt_ifa);
2108 
2109 	db_printf(" gwroute=%p llinfo=%p\n",
2110 			  rt->rt_gwroute, rt->rt_llinfo);
2111 	db_print_llinfo(rt->rt_llinfo);
2112 
2113 	return 0;
2114 }
2115 
2116 /*
2117  * Function to print all the route trees.
2118  * Use this from ddb:  "show arptab"
2119  */
2120 void
2121 db_show_arptab(db_expr_t addr, bool have_addr,
2122     db_expr_t count, const char *modif)
2123 {
2124 	rt_walktree(AF_INET, db_show_rtentry, NULL);
2125 }
2126 #endif
2127 
2128 void
2129 arp_stat_add(int type, uint64_t count)
2130 {
2131 	ARP_STATADD(type, count);
2132 }
2133 
2134 static int
2135 sysctl_net_inet_arp_stats(SYSCTLFN_ARGS)
2136 {
2137 
2138 	return NETSTAT_SYSCTL(arpstat_percpu, ARP_NSTATS);
2139 }
2140 
2141 static void
2142 sysctl_net_inet_arp_setup(struct sysctllog **clog)
2143 {
2144 	const struct sysctlnode *node;
2145 
2146 	sysctl_createv(clog, 0, NULL, NULL,
2147 			CTLFLAG_PERMANENT,
2148 			CTLTYPE_NODE, "inet", NULL,
2149 			NULL, 0, NULL, 0,
2150 			CTL_NET, PF_INET, CTL_EOL);
2151 	sysctl_createv(clog, 0, NULL, &node,
2152 			CTLFLAG_PERMANENT,
2153 			CTLTYPE_NODE, "arp",
2154 			SYSCTL_DESCR("Address Resolution Protocol"),
2155 			NULL, 0, NULL, 0,
2156 			CTL_NET, PF_INET, CTL_CREATE, CTL_EOL);
2157 
2158 	sysctl_createv(clog, 0, NULL, NULL,
2159 			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2160 			CTLTYPE_INT, "keep",
2161 			SYSCTL_DESCR("Valid ARP entry lifetime in seconds"),
2162 			NULL, 0, &arpt_keep, 0,
2163 			CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2164 
2165 	sysctl_createv(clog, 0, NULL, NULL,
2166 			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2167 			CTLTYPE_INT, "down",
2168 			SYSCTL_DESCR("Failed ARP entry lifetime in seconds"),
2169 			NULL, 0, &arpt_down, 0,
2170 			CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2171 
2172 	sysctl_createv(clog, 0, NULL, NULL,
2173 			CTLFLAG_PERMANENT,
2174 			CTLTYPE_STRUCT, "stats",
2175 			SYSCTL_DESCR("ARP statistics"),
2176 			sysctl_net_inet_arp_stats, 0, NULL, 0,
2177 			CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2178 
2179 	sysctl_createv(clog, 0, NULL, NULL,
2180 			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2181 			CTLTYPE_INT, "log_movements",
2182 			SYSCTL_DESCR("log ARP replies from MACs different than"
2183 			    " the one in the cache"),
2184 			NULL, 0, &log_movements, 0,
2185 			CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2186 
2187 	sysctl_createv(clog, 0, NULL, NULL,
2188 			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2189 			CTLTYPE_INT, "log_permanent_modify",
2190 			SYSCTL_DESCR("log ARP replies from MACs different than"
2191 			    " the one in the permanent arp entry"),
2192 			NULL, 0, &log_permanent_modify, 0,
2193 			CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2194 
2195 	sysctl_createv(clog, 0, NULL, NULL,
2196 			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2197 			CTLTYPE_INT, "log_wrong_iface",
2198 			SYSCTL_DESCR("log ARP packets arriving on the wrong"
2199 			    " interface"),
2200 			NULL, 0, &log_wrong_iface, 0,
2201 			CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2202 
2203 	sysctl_createv(clog, 0, NULL, NULL,
2204 			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2205 			CTLTYPE_INT, "log_unknown_network",
2206 			SYSCTL_DESCR("log ARP packets from non-local network"),
2207 			NULL, 0, &log_unknown_network, 0,
2208 			CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2209 
2210 	sysctl_createv(clog, 0, NULL, NULL,
2211 		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2212 		       CTLTYPE_INT, "debug",
2213 		       SYSCTL_DESCR("Enable ARP DAD debug output"),
2214 		       NULL, 0, &arp_debug, 0,
2215 		       CTL_NET, PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2216 }
2217 
2218 #endif /* INET */
2219