1 /* $NetBSD: mld6.c,v 1.74 2016/08/01 03:15:31 ozaki-r Exp $ */ 2 /* $KAME: mld6.c,v 1.25 2001/01/16 14:14:18 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1992, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * This code is derived from software contributed to Berkeley by 38 * Stephen Deering of Stanford University. 39 * 40 * Redistribution and use in source and binary forms, with or without 41 * modification, are permitted provided that the following conditions 42 * are met: 43 * 1. Redistributions of source code must retain the above copyright 44 * notice, this list of conditions and the following disclaimer. 45 * 2. Redistributions in binary form must reproduce the above copyright 46 * notice, this list of conditions and the following disclaimer in the 47 * documentation and/or other materials provided with the distribution. 48 * 3. Neither the name of the University nor the names of its contributors 49 * may be used to endorse or promote products derived from this software 50 * without specific prior written permission. 51 * 52 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 53 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 54 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 55 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 56 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 57 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 58 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 59 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 60 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 61 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 62 * SUCH DAMAGE. 63 * 64 * @(#)igmp.c 8.1 (Berkeley) 7/19/93 65 */ 66 67 /* 68 * Copyright (c) 1988 Stephen Deering. 69 * 70 * This code is derived from software contributed to Berkeley by 71 * Stephen Deering of Stanford University. 72 * 73 * Redistribution and use in source and binary forms, with or without 74 * modification, are permitted provided that the following conditions 75 * are met: 76 * 1. Redistributions of source code must retain the above copyright 77 * notice, this list of conditions and the following disclaimer. 78 * 2. Redistributions in binary form must reproduce the above copyright 79 * notice, this list of conditions and the following disclaimer in the 80 * documentation and/or other materials provided with the distribution. 81 * 3. All advertising materials mentioning features or use of this software 82 * must display the following acknowledgement: 83 * This product includes software developed by the University of 84 * California, Berkeley and its contributors. 85 * 4. Neither the name of the University nor the names of its contributors 86 * may be used to endorse or promote products derived from this software 87 * without specific prior written permission. 88 * 89 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 90 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 91 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 92 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 93 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 94 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 95 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 96 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 97 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 98 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 99 * SUCH DAMAGE. 100 * 101 * @(#)igmp.c 8.1 (Berkeley) 7/19/93 102 */ 103 104 #include <sys/cdefs.h> 105 __KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.74 2016/08/01 03:15:31 ozaki-r Exp $"); 106 107 #ifdef _KERNEL_OPT 108 #include "opt_inet.h" 109 #endif 110 111 #include <sys/param.h> 112 #include <sys/systm.h> 113 #include <sys/mbuf.h> 114 #include <sys/socket.h> 115 #include <sys/socketvar.h> 116 #include <sys/protosw.h> 117 #include <sys/syslog.h> 118 #include <sys/sysctl.h> 119 #include <sys/kernel.h> 120 #include <sys/callout.h> 121 #include <sys/cprng.h> 122 123 #include <net/if.h> 124 125 #include <netinet/in.h> 126 #include <netinet/in_var.h> 127 #include <netinet6/in6_var.h> 128 #include <netinet/ip6.h> 129 #include <netinet6/ip6_var.h> 130 #include <netinet6/scope6_var.h> 131 #include <netinet/icmp6.h> 132 #include <netinet6/icmp6_private.h> 133 #include <netinet6/mld6_var.h> 134 135 #include <net/net_osdep.h> 136 137 138 /* 139 * This structure is used to keep track of in6_multi chains which belong to 140 * deleted interface addresses. 141 */ 142 static LIST_HEAD(, multi6_kludge) in6_mk = LIST_HEAD_INITIALIZER(in6_mk); 143 144 struct multi6_kludge { 145 LIST_ENTRY(multi6_kludge) mk_entry; 146 struct ifnet *mk_ifp; 147 struct in6_multihead mk_head; 148 }; 149 150 151 /* 152 * Protocol constants 153 */ 154 155 /* 156 * time between repetitions of a node's initial report of interest in a 157 * multicast address(in seconds) 158 */ 159 #define MLD_UNSOLICITED_REPORT_INTERVAL 10 160 161 static struct ip6_pktopts ip6_opts; 162 163 static void mld_start_listening(struct in6_multi *); 164 static void mld_stop_listening(struct in6_multi *); 165 166 static struct mld_hdr * mld_allocbuf(struct mbuf **, int, struct in6_multi *, 167 int); 168 static void mld_sendpkt(struct in6_multi *, int, const struct in6_addr *); 169 static void mld_starttimer(struct in6_multi *); 170 static void mld_stoptimer(struct in6_multi *); 171 static u_long mld_timerresid(struct in6_multi *); 172 173 void 174 mld_init(void) 175 { 176 static u_int8_t hbh_buf[8]; 177 struct ip6_hbh *hbh = (struct ip6_hbh *)hbh_buf; 178 u_int16_t rtalert_code = htons((u_int16_t)IP6OPT_RTALERT_MLD); 179 180 /* ip6h_nxt will be fill in later */ 181 hbh->ip6h_len = 0; /* (8 >> 3) - 1 */ 182 183 /* XXX: grotty hard coding... */ 184 hbh_buf[2] = IP6OPT_PADN; /* 2 byte padding */ 185 hbh_buf[3] = 0; 186 hbh_buf[4] = IP6OPT_RTALERT; 187 hbh_buf[5] = IP6OPT_RTALERT_LEN - 2; 188 memcpy(&hbh_buf[6], (void *)&rtalert_code, sizeof(u_int16_t)); 189 190 ip6_opts.ip6po_hbh = hbh; 191 /* We will specify the hoplimit by a multicast option. */ 192 ip6_opts.ip6po_hlim = -1; 193 ip6_opts.ip6po_prefer_tempaddr = IP6PO_TEMPADDR_NOTPREFER; 194 } 195 196 static void 197 mld_starttimer(struct in6_multi *in6m) 198 { 199 struct timeval now; 200 201 KASSERT(in6m->in6m_timer != IN6M_TIMER_UNDEF); 202 203 microtime(&now); 204 in6m->in6m_timer_expire.tv_sec = now.tv_sec + in6m->in6m_timer / hz; 205 in6m->in6m_timer_expire.tv_usec = now.tv_usec + 206 (in6m->in6m_timer % hz) * (1000000 / hz); 207 if (in6m->in6m_timer_expire.tv_usec > 1000000) { 208 in6m->in6m_timer_expire.tv_sec++; 209 in6m->in6m_timer_expire.tv_usec -= 1000000; 210 } 211 212 /* start or restart the timer */ 213 callout_schedule(&in6m->in6m_timer_ch, in6m->in6m_timer); 214 } 215 216 static void 217 mld_stoptimer(struct in6_multi *in6m) 218 { 219 if (in6m->in6m_timer == IN6M_TIMER_UNDEF) 220 return; 221 222 callout_stop(&in6m->in6m_timer_ch); 223 224 in6m->in6m_timer = IN6M_TIMER_UNDEF; 225 } 226 227 static void 228 mld_timeo(void *arg) 229 { 230 struct in6_multi *in6m = arg; 231 232 mutex_enter(softnet_lock); 233 KERNEL_LOCK(1, NULL); 234 235 if (in6m->in6m_timer == IN6M_TIMER_UNDEF) 236 goto out; 237 238 in6m->in6m_timer = IN6M_TIMER_UNDEF; 239 240 switch (in6m->in6m_state) { 241 case MLD_REPORTPENDING: 242 mld_start_listening(in6m); 243 break; 244 default: 245 mld_sendpkt(in6m, MLD_LISTENER_REPORT, NULL); 246 break; 247 } 248 249 out: 250 KERNEL_UNLOCK_ONE(NULL); 251 mutex_exit(softnet_lock); 252 } 253 254 static u_long 255 mld_timerresid(struct in6_multi *in6m) 256 { 257 struct timeval now, diff; 258 259 microtime(&now); 260 261 if (now.tv_sec > in6m->in6m_timer_expire.tv_sec || 262 (now.tv_sec == in6m->in6m_timer_expire.tv_sec && 263 now.tv_usec > in6m->in6m_timer_expire.tv_usec)) { 264 return (0); 265 } 266 diff = in6m->in6m_timer_expire; 267 diff.tv_sec -= now.tv_sec; 268 diff.tv_usec -= now.tv_usec; 269 if (diff.tv_usec < 0) { 270 diff.tv_sec--; 271 diff.tv_usec += 1000000; 272 } 273 274 /* return the remaining time in milliseconds */ 275 return diff.tv_sec * 1000 + diff.tv_usec / 1000; 276 } 277 278 static void 279 mld_start_listening(struct in6_multi *in6m) 280 { 281 struct in6_addr all_in6; 282 283 /* 284 * RFC2710 page 10: 285 * The node never sends a Report or Done for the link-scope all-nodes 286 * address. 287 * MLD messages are never sent for multicast addresses whose scope is 0 288 * (reserved) or 1 (node-local). 289 */ 290 all_in6 = in6addr_linklocal_allnodes; 291 if (in6_setscope(&all_in6, in6m->in6m_ifp, NULL)) { 292 /* XXX: this should not happen! */ 293 in6m->in6m_timer = 0; 294 in6m->in6m_state = MLD_OTHERLISTENER; 295 } 296 if (IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, &all_in6) || 297 IPV6_ADDR_MC_SCOPE(&in6m->in6m_addr) < IPV6_ADDR_SCOPE_LINKLOCAL) { 298 in6m->in6m_timer = IN6M_TIMER_UNDEF; 299 in6m->in6m_state = MLD_OTHERLISTENER; 300 } else { 301 mld_sendpkt(in6m, MLD_LISTENER_REPORT, NULL); 302 in6m->in6m_timer = cprng_fast32() % 303 (MLD_UNSOLICITED_REPORT_INTERVAL * hz); 304 in6m->in6m_state = MLD_IREPORTEDLAST; 305 306 mld_starttimer(in6m); 307 } 308 } 309 310 static void 311 mld_stop_listening(struct in6_multi *in6m) 312 { 313 struct in6_addr allnode, allrouter; 314 315 allnode = in6addr_linklocal_allnodes; 316 if (in6_setscope(&allnode, in6m->in6m_ifp, NULL)) { 317 /* XXX: this should not happen! */ 318 return; 319 } 320 allrouter = in6addr_linklocal_allrouters; 321 if (in6_setscope(&allrouter, in6m->in6m_ifp, NULL)) { 322 /* XXX impossible */ 323 return; 324 } 325 326 if (in6m->in6m_state == MLD_IREPORTEDLAST && 327 (!IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, &allnode)) && 328 IPV6_ADDR_MC_SCOPE(&in6m->in6m_addr) > 329 IPV6_ADDR_SCOPE_INTFACELOCAL) { 330 mld_sendpkt(in6m, MLD_LISTENER_DONE, &allrouter); 331 } 332 } 333 334 void 335 mld_input(struct mbuf *m, int off) 336 { 337 struct ip6_hdr *ip6; 338 struct mld_hdr *mldh; 339 struct ifnet *ifp; 340 struct in6_multi *in6m = NULL; 341 struct in6_addr mld_addr, all_in6; 342 struct in6_ifaddr *ia; 343 u_long timer = 0; /* timer value in the MLD query header */ 344 int s; 345 346 ifp = m_get_rcvif(m, &s); 347 IP6_EXTHDR_GET(mldh, struct mld_hdr *, m, off, sizeof(*mldh)); 348 if (mldh == NULL) { 349 ICMP6_STATINC(ICMP6_STAT_TOOSHORT); 350 goto out_nodrop; 351 } 352 353 /* source address validation */ 354 ip6 = mtod(m, struct ip6_hdr *);/* in case mpullup */ 355 if (!IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_src)) { 356 /* 357 * RFC3590 allows the IPv6 unspecified address as the source 358 * address of MLD report and done messages. However, as this 359 * same document says, this special rule is for snooping 360 * switches and the RFC requires routers to discard MLD packets 361 * with the unspecified source address. The RFC only talks 362 * about hosts receiving an MLD query or report in Security 363 * Considerations, but this is probably the correct intention. 364 * RFC3590 does not talk about other cases than link-local and 365 * the unspecified source addresses, but we believe the same 366 * rule should be applied. 367 * As a result, we only allow link-local addresses as the 368 * source address; otherwise, simply discard the packet. 369 */ 370 #if 0 371 /* 372 * XXX: do not log in an input path to avoid log flooding, 373 * though RFC3590 says "SHOULD log" if the source of a query 374 * is the unspecified address. 375 */ 376 log(LOG_INFO, 377 "mld_input: src %s is not link-local (grp=%s)\n", 378 ip6_sprintf(&ip6->ip6_src), ip6_sprintf(&mldh->mld_addr)); 379 #endif 380 goto out; 381 } 382 383 /* 384 * make a copy for local work (in6_setscope() may modify the 1st arg) 385 */ 386 mld_addr = mldh->mld_addr; 387 if (in6_setscope(&mld_addr, ifp, NULL)) { 388 /* XXX: this should not happen! */ 389 goto out; 390 } 391 392 /* 393 * In the MLD specification, there are 3 states and a flag. 394 * 395 * In Non-Listener state, we simply don't have a membership record. 396 * In Delaying Listener state, our timer is running (in6m->in6m_timer) 397 * In Idle Listener state, our timer is not running 398 * (in6m->in6m_timer==IN6M_TIMER_UNDEF) 399 * 400 * The flag is in6m->in6m_state, it is set to MLD_OTHERLISTENER if 401 * we have heard a report from another member, or MLD_IREPORTEDLAST 402 * if we sent the last report. 403 */ 404 switch (mldh->mld_type) { 405 case MLD_LISTENER_QUERY: { 406 struct psref psref; 407 408 if (ifp->if_flags & IFF_LOOPBACK) 409 break; 410 411 if (!IN6_IS_ADDR_UNSPECIFIED(&mld_addr) && 412 !IN6_IS_ADDR_MULTICAST(&mld_addr)) 413 break; /* print error or log stat? */ 414 415 all_in6 = in6addr_linklocal_allnodes; 416 if (in6_setscope(&all_in6, ifp, NULL)) { 417 /* XXX: this should not happen! */ 418 break; 419 } 420 421 /* 422 * - Start the timers in all of our membership records 423 * that the query applies to for the interface on 424 * which the query arrived excl. those that belong 425 * to the "all-nodes" group (ff02::1). 426 * - Restart any timer that is already running but has 427 * a value longer than the requested timeout. 428 * - Use the value specified in the query message as 429 * the maximum timeout. 430 */ 431 timer = ntohs(mldh->mld_maxdelay); 432 433 ia = in6_get_ia_from_ifp_psref(ifp, &psref); 434 if (ia == NULL) 435 break; 436 437 /* The following operations may sleep */ 438 m_put_rcvif(ifp, &s); 439 ifp = NULL; 440 441 LIST_FOREACH(in6m, &ia->ia6_multiaddrs, in6m_entry) { 442 if (IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, &all_in6) || 443 IPV6_ADDR_MC_SCOPE(&in6m->in6m_addr) < 444 IPV6_ADDR_SCOPE_LINKLOCAL) 445 continue; 446 447 if (in6m->in6m_state == MLD_REPORTPENDING) 448 continue; /* we are not yet ready */ 449 450 if (!IN6_IS_ADDR_UNSPECIFIED(&mld_addr) && 451 !IN6_ARE_ADDR_EQUAL(&mld_addr, &in6m->in6m_addr)) 452 continue; 453 454 if (timer == 0) { 455 /* send a report immediately */ 456 mld_stoptimer(in6m); 457 mld_sendpkt(in6m, MLD_LISTENER_REPORT, NULL); 458 in6m->in6m_state = MLD_IREPORTEDLAST; 459 } else if (in6m->in6m_timer == IN6M_TIMER_UNDEF || 460 mld_timerresid(in6m) > timer) { 461 in6m->in6m_timer = 462 1 + (cprng_fast32() % timer) * hz / 1000; 463 mld_starttimer(in6m); 464 } 465 } 466 ia6_release(ia, &psref); 467 break; 468 } 469 470 case MLD_LISTENER_REPORT: 471 /* 472 * For fast leave to work, we have to know that we are the 473 * last person to send a report for this group. Reports 474 * can potentially get looped back if we are a multicast 475 * router, so discard reports sourced by me. 476 * Note that it is impossible to check IFF_LOOPBACK flag of 477 * ifp for this purpose, since ip6_mloopback pass the physical 478 * interface to looutput. 479 */ 480 if (m->m_flags & M_LOOP) /* XXX: grotty flag, but efficient */ 481 break; 482 483 if (!IN6_IS_ADDR_MULTICAST(&mldh->mld_addr)) 484 break; 485 486 /* 487 * If we belong to the group being reported, stop 488 * our timer for that group. 489 */ 490 IN6_LOOKUP_MULTI(mld_addr, ifp, in6m); 491 if (in6m) { 492 mld_stoptimer(in6m); /* transit to idle state */ 493 in6m->in6m_state = MLD_OTHERLISTENER; /* clear flag */ 494 } 495 break; 496 default: /* this is impossible */ 497 #if 0 498 /* 499 * this case should be impossible because of filtering in 500 * icmp6_input(). But we explicitly disabled this part 501 * just in case. 502 */ 503 log(LOG_ERR, "mld_input: illegal type(%d)", mldh->mld_type); 504 #endif 505 break; 506 } 507 508 out: 509 m_freem(m); 510 out_nodrop: 511 m_put_rcvif(ifp, &s); 512 } 513 514 static void 515 mld_sendpkt(struct in6_multi *in6m, int type, 516 const struct in6_addr *dst) 517 { 518 struct mbuf *mh; 519 struct mld_hdr *mldh; 520 struct ip6_hdr *ip6 = NULL; 521 struct ip6_moptions im6o; 522 struct in6_ifaddr *ia = NULL; 523 struct ifnet *ifp = in6m->in6m_ifp; 524 int ignflags; 525 struct psref psref; 526 int bound; 527 528 /* 529 * At first, find a link local address on the outgoing interface 530 * to use as the source address of the MLD packet. 531 * We do not reject tentative addresses for MLD report to deal with 532 * the case where we first join a link-local address. 533 */ 534 ignflags = (IN6_IFF_NOTREADY|IN6_IFF_ANYCAST) & ~IN6_IFF_TENTATIVE; 535 bound = curlwp_bind(); 536 ia = in6ifa_ifpforlinklocal_psref(ifp, ignflags, &psref); 537 if (ia == NULL) { 538 curlwp_bindx(bound); 539 return; 540 } 541 if ((ia->ia6_flags & IN6_IFF_TENTATIVE)) { 542 ia6_release(ia, &psref); 543 ia = NULL; 544 } 545 546 /* Allocate two mbufs to store IPv6 header and MLD header */ 547 mldh = mld_allocbuf(&mh, sizeof(struct mld_hdr), in6m, type); 548 if (mldh == NULL) { 549 ia6_release(ia, &psref); 550 curlwp_bindx(bound); 551 return; 552 } 553 554 /* fill src/dst here */ 555 ip6 = mtod(mh, struct ip6_hdr *); 556 ip6->ip6_src = ia ? ia->ia_addr.sin6_addr : in6addr_any; 557 ip6->ip6_dst = dst ? *dst : in6m->in6m_addr; 558 ia6_release(ia, &psref); 559 curlwp_bindx(bound); 560 561 mldh->mld_addr = in6m->in6m_addr; 562 in6_clearscope(&mldh->mld_addr); /* XXX */ 563 mldh->mld_cksum = in6_cksum(mh, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), 564 sizeof(struct mld_hdr)); 565 566 /* construct multicast option */ 567 memset(&im6o, 0, sizeof(im6o)); 568 im6o.im6o_multicast_if_index = if_get_index(ifp); 569 im6o.im6o_multicast_hlim = 1; 570 571 /* 572 * Request loopback of the report if we are acting as a multicast 573 * router, so that the process-level routing daemon can hear it. 574 */ 575 im6o.im6o_multicast_loop = (ip6_mrouter != NULL); 576 577 /* increment output statictics */ 578 ICMP6_STATINC(ICMP6_STAT_OUTHIST + type); 579 icmp6_ifstat_inc(ifp, ifs6_out_msg); 580 switch (type) { 581 case MLD_LISTENER_QUERY: 582 icmp6_ifstat_inc(ifp, ifs6_out_mldquery); 583 break; 584 case MLD_LISTENER_REPORT: 585 icmp6_ifstat_inc(ifp, ifs6_out_mldreport); 586 break; 587 case MLD_LISTENER_DONE: 588 icmp6_ifstat_inc(ifp, ifs6_out_mlddone); 589 break; 590 } 591 592 ip6_output(mh, &ip6_opts, NULL, ia ? 0 : IPV6_UNSPECSRC, 593 &im6o, NULL, NULL); 594 } 595 596 static struct mld_hdr * 597 mld_allocbuf(struct mbuf **mh, int len, struct in6_multi *in6m, 598 int type) 599 { 600 struct mbuf *md; 601 struct mld_hdr *mldh; 602 struct ip6_hdr *ip6; 603 604 /* 605 * Allocate mbufs to store ip6 header and MLD header. 606 * We allocate 2 mbufs and make chain in advance because 607 * it is more convenient when inserting the hop-by-hop option later. 608 */ 609 MGETHDR(*mh, M_DONTWAIT, MT_HEADER); 610 if (*mh == NULL) 611 return NULL; 612 MGET(md, M_DONTWAIT, MT_DATA); 613 if (md == NULL) { 614 m_free(*mh); 615 *mh = NULL; 616 return NULL; 617 } 618 (*mh)->m_next = md; 619 md->m_next = NULL; 620 621 m_reset_rcvif((*mh)); 622 (*mh)->m_pkthdr.len = sizeof(struct ip6_hdr) + len; 623 (*mh)->m_len = sizeof(struct ip6_hdr); 624 MH_ALIGN(*mh, sizeof(struct ip6_hdr)); 625 626 /* fill in the ip6 header */ 627 ip6 = mtod(*mh, struct ip6_hdr *); 628 memset(ip6, 0, sizeof(*ip6)); 629 ip6->ip6_flow = 0; 630 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 631 ip6->ip6_vfc |= IPV6_VERSION; 632 /* ip6_plen will be set later */ 633 ip6->ip6_nxt = IPPROTO_ICMPV6; 634 /* ip6_hlim will be set by im6o.im6o_multicast_hlim */ 635 /* ip6_src/dst will be set by mld_sendpkt() or mld_sendbuf() */ 636 637 /* fill in the MLD header as much as possible */ 638 md->m_len = len; 639 mldh = mtod(md, struct mld_hdr *); 640 memset(mldh, 0, len); 641 mldh->mld_type = type; 642 return mldh; 643 } 644 645 /* 646 * Add an address to the list of IP6 multicast addresses for a given interface. 647 */ 648 struct in6_multi * 649 in6_addmulti(struct in6_addr *maddr6, struct ifnet *ifp, 650 int *errorp, int timer) 651 { 652 struct in6_ifaddr *ia; 653 struct sockaddr_in6 sin6; 654 struct in6_multi *in6m; 655 int s = splsoftnet(); 656 657 *errorp = 0; 658 659 /* 660 * See if address already in list. 661 */ 662 IN6_LOOKUP_MULTI(*maddr6, ifp, in6m); 663 if (in6m != NULL) { 664 /* 665 * Found it; just increment the refrence count. 666 */ 667 in6m->in6m_refcount++; 668 } else { 669 int _s; 670 /* 671 * New address; allocate a new multicast record 672 * and link it into the interface's multicast list. 673 */ 674 in6m = (struct in6_multi *) 675 malloc(sizeof(*in6m), M_IPMADDR, M_NOWAIT|M_ZERO); 676 if (in6m == NULL) { 677 splx(s); 678 *errorp = ENOBUFS; 679 return (NULL); 680 } 681 682 in6m->in6m_addr = *maddr6; 683 in6m->in6m_ifp = ifp; 684 in6m->in6m_refcount = 1; 685 in6m->in6m_timer = IN6M_TIMER_UNDEF; 686 callout_init(&in6m->in6m_timer_ch, CALLOUT_MPSAFE); 687 callout_setfunc(&in6m->in6m_timer_ch, mld_timeo, in6m); 688 689 _s = pserialize_read_enter(); 690 ia = in6_get_ia_from_ifp(ifp); 691 if (ia == NULL) { 692 pserialize_read_exit(_s); 693 callout_destroy(&in6m->in6m_timer_ch); 694 free(in6m, M_IPMADDR); 695 splx(s); 696 *errorp = EADDRNOTAVAIL; /* appropriate? */ 697 return (NULL); 698 } 699 in6m->in6m_ia = ia; 700 ifaref(&ia->ia_ifa); /* gain a reference */ 701 /* FIXME NOMPSAFE: need to lock */ 702 LIST_INSERT_HEAD(&ia->ia6_multiaddrs, in6m, in6m_entry); 703 pserialize_read_exit(_s); 704 705 /* 706 * Ask the network driver to update its multicast reception 707 * filter appropriately for the new address. 708 */ 709 sockaddr_in6_init(&sin6, maddr6, 0, 0, 0); 710 *errorp = if_mcast_op(ifp, SIOCADDMULTI, sin6tosa(&sin6)); 711 if (*errorp) { 712 callout_destroy(&in6m->in6m_timer_ch); 713 LIST_REMOVE(in6m, in6m_entry); 714 free(in6m, M_IPMADDR); 715 ifafree(&ia->ia_ifa); 716 splx(s); 717 return (NULL); 718 } 719 720 in6m->in6m_timer = timer; 721 if (in6m->in6m_timer > 0) { 722 in6m->in6m_state = MLD_REPORTPENDING; 723 mld_starttimer(in6m); 724 725 splx(s); 726 return (in6m); 727 } 728 729 /* 730 * Let MLD6 know that we have joined a new IP6 multicast 731 * group. 732 */ 733 mld_start_listening(in6m); 734 } 735 splx(s); 736 return (in6m); 737 } 738 739 /* 740 * Delete a multicast address record. 741 */ 742 void 743 in6_delmulti(struct in6_multi *in6m) 744 { 745 struct sockaddr_in6 sin6; 746 struct in6_ifaddr *ia; 747 int s = splsoftnet(); 748 749 mld_stoptimer(in6m); 750 751 if (--in6m->in6m_refcount == 0) { 752 int _s; 753 754 /* 755 * No remaining claims to this record; let MLD6 know 756 * that we are leaving the multicast group. 757 */ 758 mld_stop_listening(in6m); 759 760 /* 761 * Unlink from list. 762 */ 763 LIST_REMOVE(in6m, in6m_entry); 764 if (in6m->in6m_ia != NULL) { 765 ifafree(&in6m->in6m_ia->ia_ifa); /* release reference */ 766 in6m->in6m_ia = NULL; 767 } 768 769 /* 770 * Delete all references of this multicasting group from 771 * the membership arrays 772 */ 773 _s = pserialize_read_enter(); 774 IN6_ADDRLIST_READER_FOREACH(ia) { 775 struct in6_multi_mship *imm; 776 LIST_FOREACH(imm, &ia->ia6_memberships, i6mm_chain) { 777 if (imm->i6mm_maddr == in6m) 778 imm->i6mm_maddr = NULL; 779 } 780 } 781 pserialize_read_exit(_s); 782 783 /* 784 * Notify the network driver to update its multicast 785 * reception filter. 786 */ 787 sockaddr_in6_init(&sin6, &in6m->in6m_addr, 0, 0, 0); 788 if_mcast_op(in6m->in6m_ifp, SIOCDELMULTI, sin6tosa(&sin6)); 789 790 /* Tell mld_timeo we're halting the timer */ 791 in6m->in6m_timer = IN6M_TIMER_UNDEF; 792 callout_halt(&in6m->in6m_timer_ch, softnet_lock); 793 callout_destroy(&in6m->in6m_timer_ch); 794 795 free(in6m, M_IPMADDR); 796 } 797 splx(s); 798 } 799 800 801 struct in6_multi_mship * 802 in6_joingroup(struct ifnet *ifp, struct in6_addr *addr, 803 int *errorp, int timer) 804 { 805 struct in6_multi_mship *imm; 806 807 imm = malloc(sizeof(*imm), M_IPMADDR, M_NOWAIT|M_ZERO); 808 if (imm == NULL) { 809 *errorp = ENOBUFS; 810 return NULL; 811 } 812 813 imm->i6mm_maddr = in6_addmulti(addr, ifp, errorp, timer); 814 if (!imm->i6mm_maddr) { 815 /* *errorp is already set */ 816 free(imm, M_IPMADDR); 817 return NULL; 818 } 819 return imm; 820 } 821 822 int 823 in6_leavegroup(struct in6_multi_mship *imm) 824 { 825 826 if (imm->i6mm_maddr) { 827 in6_delmulti(imm->i6mm_maddr); 828 } 829 free(imm, M_IPMADDR); 830 return 0; 831 } 832 833 834 /* 835 * Multicast address kludge: 836 * If there were any multicast addresses attached to this interface address, 837 * either move them to another address on this interface, or save them until 838 * such time as this interface is reconfigured for IPv6. 839 */ 840 void 841 in6_savemkludge(struct in6_ifaddr *oia) 842 { 843 struct in6_ifaddr *ia; 844 struct in6_multi *in6m; 845 int s; 846 847 s = pserialize_read_enter(); 848 ia = in6_get_ia_from_ifp(oia->ia_ifp); 849 if (ia) { /* there is another address */ 850 KASSERT(ia != oia); 851 while ((in6m = LIST_FIRST(&oia->ia6_multiaddrs)) != NULL) { 852 LIST_REMOVE(in6m, in6m_entry); 853 ifaref(&ia->ia_ifa); 854 ifafree(&in6m->in6m_ia->ia_ifa); 855 in6m->in6m_ia = ia; 856 /* FIXME NOMPSAFE: need to lock */ 857 LIST_INSERT_HEAD(&ia->ia6_multiaddrs, in6m, in6m_entry); 858 } 859 } else { /* last address on this if deleted, save */ 860 struct multi6_kludge *mk; 861 862 LIST_FOREACH(mk, &in6_mk, mk_entry) { 863 if (mk->mk_ifp == oia->ia_ifp) 864 break; 865 } 866 if (mk == NULL) /* this should not happen! */ 867 panic("in6_savemkludge: no kludge space"); 868 869 while ((in6m = LIST_FIRST(&oia->ia6_multiaddrs)) != NULL) { 870 LIST_REMOVE(in6m, in6m_entry); 871 ifafree(&in6m->in6m_ia->ia_ifa); /* release reference */ 872 in6m->in6m_ia = NULL; 873 LIST_INSERT_HEAD(&mk->mk_head, in6m, in6m_entry); 874 } 875 } 876 pserialize_read_exit(s); 877 } 878 879 /* 880 * Continuation of multicast address hack: 881 * If there was a multicast group list previously saved for this interface, 882 * then we re-attach it to the first address configured on the i/f. 883 */ 884 void 885 in6_restoremkludge(struct in6_ifaddr *ia, struct ifnet *ifp) 886 { 887 struct multi6_kludge *mk; 888 struct in6_multi *in6m; 889 890 LIST_FOREACH(mk, &in6_mk, mk_entry) { 891 if (mk->mk_ifp == ifp) 892 break; 893 } 894 if (mk == NULL) 895 return; 896 while ((in6m = LIST_FIRST(&mk->mk_head)) != NULL) { 897 LIST_REMOVE(in6m, in6m_entry); 898 in6m->in6m_ia = ia; 899 ifaref(&ia->ia_ifa); 900 LIST_INSERT_HEAD(&ia->ia6_multiaddrs, in6m, in6m_entry); 901 } 902 } 903 904 /* 905 * Allocate space for the kludge at interface initialization time. 906 * Formerly, we dynamically allocated the space in in6_savemkludge() with 907 * malloc(M_WAITOK). However, it was wrong since the function could be called 908 * under an interrupt context (software timer on address lifetime expiration). 909 * Also, we cannot just give up allocating the strucutre, since the group 910 * membership structure is very complex and we need to keep it anyway. 911 * Of course, this function MUST NOT be called under an interrupt context. 912 * Specifically, it is expected to be called only from in6_ifattach(), though 913 * it is a global function. 914 */ 915 void 916 in6_createmkludge(struct ifnet *ifp) 917 { 918 struct multi6_kludge *mk; 919 920 LIST_FOREACH(mk, &in6_mk, mk_entry) { 921 /* If we've already had one, do not allocate. */ 922 if (mk->mk_ifp == ifp) 923 return; 924 } 925 926 mk = malloc(sizeof(*mk), M_IPMADDR, M_ZERO|M_WAITOK); 927 928 LIST_INIT(&mk->mk_head); 929 mk->mk_ifp = ifp; 930 LIST_INSERT_HEAD(&in6_mk, mk, mk_entry); 931 } 932 933 void 934 in6_purgemkludge(struct ifnet *ifp) 935 { 936 struct multi6_kludge *mk; 937 struct in6_multi *in6m, *next; 938 939 LIST_FOREACH(mk, &in6_mk, mk_entry) { 940 if (mk->mk_ifp == ifp) 941 break; 942 } 943 if (mk == NULL) 944 return; 945 946 /* leave from all multicast groups joined */ 947 for (in6m = LIST_FIRST(&mk->mk_head); in6m != NULL; in6m = next) { 948 next = LIST_NEXT(in6m, in6m_entry); 949 in6_delmulti(in6m); 950 } 951 LIST_REMOVE(mk, mk_entry); 952 free(mk, M_IPMADDR); 953 } 954 955 static int 956 in6_mkludge_sysctl(SYSCTLFN_ARGS) 957 { 958 struct multi6_kludge *mk; 959 struct in6_multi *in6m; 960 int error; 961 uint32_t tmp; 962 size_t written; 963 964 if (namelen != 1) 965 return EINVAL; 966 967 if (oldp == NULL) { 968 *oldlenp = 0; 969 LIST_FOREACH(mk, &in6_mk, mk_entry) { 970 if (mk->mk_ifp->if_index == name[0]) 971 continue; 972 LIST_FOREACH(in6m, &mk->mk_head, in6m_entry) { 973 *oldlenp += sizeof(struct in6_addr) + 974 sizeof(uint32_t); 975 } 976 } 977 return 0; 978 } 979 980 error = 0; 981 written = 0; 982 LIST_FOREACH(mk, &in6_mk, mk_entry) { 983 if (mk->mk_ifp->if_index == name[0]) 984 continue; 985 LIST_FOREACH(in6m, &mk->mk_head, in6m_entry) { 986 if (written + sizeof(struct in6_addr) + 987 sizeof(uint32_t) > *oldlenp) 988 goto done; 989 error = sysctl_copyout(l, &in6m->in6m_addr, 990 oldp, sizeof(struct in6_addr)); 991 if (error) 992 goto done; 993 oldp = (char *)oldp + sizeof(struct in6_addr); 994 written += sizeof(struct in6_addr); 995 tmp = in6m->in6m_refcount; 996 error = sysctl_copyout(l, &tmp, oldp, sizeof(tmp)); 997 if (error) 998 goto done; 999 oldp = (char *)oldp + sizeof(tmp); 1000 written += sizeof(tmp); 1001 } 1002 } 1003 1004 done: 1005 *oldlenp = written; 1006 return error; 1007 } 1008 1009 static int 1010 in6_multicast_sysctl(SYSCTLFN_ARGS) 1011 { 1012 struct ifnet *ifp; 1013 struct ifaddr *ifa; 1014 struct in6_ifaddr *ifa6; 1015 struct in6_multi *in6m; 1016 uint32_t tmp; 1017 int error; 1018 size_t written; 1019 struct psref psref, psref_ia; 1020 int bound, s; 1021 1022 if (namelen != 1) 1023 return EINVAL; 1024 1025 bound = curlwp_bind(); 1026 ifp = if_get_byindex(name[0], &psref); 1027 if (ifp == NULL) { 1028 curlwp_bindx(bound); 1029 return ENODEV; 1030 } 1031 1032 if (oldp == NULL) { 1033 *oldlenp = 0; 1034 s = pserialize_read_enter(); 1035 IFADDR_READER_FOREACH(ifa, ifp) { 1036 if (ifa->ifa_addr->sa_family != AF_INET6) 1037 continue; 1038 ifa6 = (struct in6_ifaddr *)ifa; 1039 LIST_FOREACH(in6m, &ifa6->ia6_multiaddrs, in6m_entry) { 1040 *oldlenp += 2 * sizeof(struct in6_addr) + 1041 sizeof(uint32_t); 1042 } 1043 } 1044 pserialize_read_exit(s); 1045 if_put(ifp, &psref); 1046 curlwp_bindx(bound); 1047 return 0; 1048 } 1049 1050 error = 0; 1051 written = 0; 1052 s = pserialize_read_enter(); 1053 IFADDR_READER_FOREACH(ifa, ifp) { 1054 if (ifa->ifa_addr->sa_family != AF_INET6) 1055 continue; 1056 1057 ifa_acquire(ifa, &psref_ia); 1058 pserialize_read_exit(s); 1059 1060 ifa6 = (struct in6_ifaddr *)ifa; 1061 LIST_FOREACH(in6m, &ifa6->ia6_multiaddrs, in6m_entry) { 1062 if (written + 2 * sizeof(struct in6_addr) + 1063 sizeof(uint32_t) > *oldlenp) 1064 goto done; 1065 error = sysctl_copyout(l, &ifa6->ia_addr.sin6_addr, 1066 oldp, sizeof(struct in6_addr)); 1067 if (error) 1068 goto done; 1069 oldp = (char *)oldp + sizeof(struct in6_addr); 1070 written += sizeof(struct in6_addr); 1071 error = sysctl_copyout(l, &in6m->in6m_addr, 1072 oldp, sizeof(struct in6_addr)); 1073 if (error) 1074 goto done; 1075 oldp = (char *)oldp + sizeof(struct in6_addr); 1076 written += sizeof(struct in6_addr); 1077 tmp = in6m->in6m_refcount; 1078 error = sysctl_copyout(l, &tmp, oldp, sizeof(tmp)); 1079 if (error) 1080 goto done; 1081 oldp = (char *)oldp + sizeof(tmp); 1082 written += sizeof(tmp); 1083 } 1084 1085 s = pserialize_read_enter(); 1086 ifa_release(ifa, &psref_ia); 1087 } 1088 pserialize_read_exit(s); 1089 done: 1090 ifa_release(ifa, &psref_ia); 1091 if_put(ifp, &psref); 1092 curlwp_bindx(bound); 1093 *oldlenp = written; 1094 return error; 1095 } 1096 1097 SYSCTL_SETUP(sysctl_in6_mklude_setup, "sysctl net.inet6.multicast_kludge subtree setup") 1098 { 1099 1100 sysctl_createv(clog, 0, NULL, NULL, 1101 CTLFLAG_PERMANENT, 1102 CTLTYPE_NODE, "inet6", NULL, 1103 NULL, 0, NULL, 0, 1104 CTL_NET, PF_INET6, CTL_EOL); 1105 1106 sysctl_createv(clog, 0, NULL, NULL, 1107 CTLFLAG_PERMANENT, 1108 CTLTYPE_NODE, "multicast", 1109 SYSCTL_DESCR("Multicast information"), 1110 in6_multicast_sysctl, 0, NULL, 0, 1111 CTL_NET, PF_INET6, CTL_CREATE, CTL_EOL); 1112 1113 sysctl_createv(clog, 0, NULL, NULL, 1114 CTLFLAG_PERMANENT, 1115 CTLTYPE_NODE, "multicast_kludge", 1116 SYSCTL_DESCR("multicast kludge information"), 1117 in6_mkludge_sysctl, 0, NULL, 0, 1118 CTL_NET, PF_INET6, CTL_CREATE, CTL_EOL); 1119 } 1120