1 /* $NetBSD: nd6.c,v 1.184 2016/01/08 08:50:07 ozaki-r Exp $ */ 2 /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.184 2016/01/08 08:50:07 ozaki-r Exp $"); 35 36 #ifdef _KERNEL_OPT 37 #include "opt_net_mpsafe.h" 38 #endif 39 40 #include "bridge.h" 41 #include "carp.h" 42 43 #include <sys/param.h> 44 #include <sys/systm.h> 45 #include <sys/callout.h> 46 #include <sys/malloc.h> 47 #include <sys/mbuf.h> 48 #include <sys/socket.h> 49 #include <sys/socketvar.h> 50 #include <sys/sockio.h> 51 #include <sys/time.h> 52 #include <sys/kernel.h> 53 #include <sys/protosw.h> 54 #include <sys/errno.h> 55 #include <sys/ioctl.h> 56 #include <sys/syslog.h> 57 #include <sys/queue.h> 58 #include <sys/cprng.h> 59 60 #include <net/if.h> 61 #include <net/if_dl.h> 62 #include <net/if_llatbl.h> 63 #include <net/if_types.h> 64 #include <net/route.h> 65 #include <net/if_ether.h> 66 #include <net/if_fddi.h> 67 #include <net/if_arc.h> 68 69 #include <netinet/in.h> 70 #include <netinet6/in6_var.h> 71 #include <netinet/ip6.h> 72 #include <netinet6/ip6_var.h> 73 #include <netinet6/scope6_var.h> 74 #include <netinet6/nd6.h> 75 #include <netinet6/in6_ifattach.h> 76 #include <netinet/icmp6.h> 77 #include <netinet6/icmp6_private.h> 78 79 #include <net/net_osdep.h> 80 81 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 82 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 83 84 /* timer values */ 85 int nd6_prune = 1; /* walk list every 1 seconds */ 86 int nd6_delay = 5; /* delay first probe time 5 second */ 87 int nd6_umaxtries = 3; /* maximum unicast query */ 88 int nd6_mmaxtries = 3; /* maximum multicast query */ 89 int nd6_useloopback = 1; /* use loopback interface for local traffic */ 90 int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */ 91 92 /* preventing too many loops in ND option parsing */ 93 int nd6_maxndopt = 10; /* max # of ND options allowed */ 94 95 int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */ 96 97 int nd6_maxqueuelen = 1; /* max # of packets cached in unresolved ND entries */ 98 99 #ifdef ND6_DEBUG 100 int nd6_debug = 1; 101 #else 102 int nd6_debug = 0; 103 #endif 104 105 /* for debugging? */ 106 static int nd6_inuse, nd6_allocated; 107 108 struct nd_drhead nd_defrouter; 109 struct nd_prhead nd_prefix = { 0 }; 110 111 int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL; 112 static const struct sockaddr_in6 all1_sa = { 113 .sin6_family = AF_INET6 114 , .sin6_len = sizeof(struct sockaddr_in6) 115 , .sin6_addr = {.s6_addr = {0xff, 0xff, 0xff, 0xff, 116 0xff, 0xff, 0xff, 0xff, 117 0xff, 0xff, 0xff, 0xff, 118 0xff, 0xff, 0xff, 0xff}} 119 }; 120 121 static void nd6_setmtu0(struct ifnet *, struct nd_ifinfo *); 122 static void nd6_slowtimo(void *); 123 static int regen_tmpaddr(struct in6_ifaddr *); 124 static void nd6_free(struct rtentry *, struct llentry *, int); 125 static void nd6_llinfo_timer(void *); 126 static void clear_llinfo_pqueue(struct llentry *); 127 128 callout_t nd6_slowtimo_ch; 129 callout_t nd6_timer_ch; 130 extern callout_t in6_tmpaddrtimer_ch; 131 132 static int fill_drlist(void *, size_t *, size_t); 133 static int fill_prlist(void *, size_t *, size_t); 134 135 MALLOC_DEFINE(M_IP6NDP, "NDP", "IPv6 Neighbour Discovery"); 136 137 void 138 nd6_init(void) 139 { 140 static int nd6_init_done = 0; 141 142 if (nd6_init_done) { 143 log(LOG_NOTICE, "nd6_init called more than once(ignored)\n"); 144 return; 145 } 146 147 /* initialization of the default router list */ 148 TAILQ_INIT(&nd_defrouter); 149 150 nd6_init_done = 1; 151 152 callout_init(&nd6_slowtimo_ch, CALLOUT_MPSAFE); 153 callout_init(&nd6_timer_ch, CALLOUT_MPSAFE); 154 155 /* start timer */ 156 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 157 nd6_slowtimo, NULL); 158 } 159 160 struct nd_ifinfo * 161 nd6_ifattach(struct ifnet *ifp) 162 { 163 struct nd_ifinfo *nd; 164 165 nd = (struct nd_ifinfo *)malloc(sizeof(*nd), M_IP6NDP, M_WAITOK|M_ZERO); 166 167 nd->initialized = 1; 168 169 nd->chlim = IPV6_DEFHLIM; 170 nd->basereachable = REACHABLE_TIME; 171 nd->reachable = ND_COMPUTE_RTIME(nd->basereachable); 172 nd->retrans = RETRANS_TIMER; 173 174 nd->flags = ND6_IFF_PERFORMNUD | ND6_IFF_ACCEPT_RTADV; 175 176 /* A loopback interface always has ND6_IFF_AUTO_LINKLOCAL. 177 * A bridge interface should not have ND6_IFF_AUTO_LINKLOCAL 178 * because one of its members should. */ 179 if ((ip6_auto_linklocal && ifp->if_type != IFT_BRIDGE) || 180 (ifp->if_flags & IFF_LOOPBACK)) 181 nd->flags |= ND6_IFF_AUTO_LINKLOCAL; 182 183 /* A loopback interface does not need to accept RTADV. 184 * A bridge interface should not accept RTADV 185 * because one of its members should. */ 186 if (ip6_accept_rtadv && 187 !(ifp->if_flags & IFF_LOOPBACK) && 188 !(ifp->if_type != IFT_BRIDGE)) 189 nd->flags |= ND6_IFF_ACCEPT_RTADV; 190 191 /* XXX: we cannot call nd6_setmtu since ifp is not fully initialized */ 192 nd6_setmtu0(ifp, nd); 193 194 return nd; 195 } 196 197 void 198 nd6_ifdetach(struct ifnet *ifp, struct in6_ifextra *ext) 199 { 200 201 nd6_purge(ifp, ext); 202 free(ext->nd_ifinfo, M_IP6NDP); 203 } 204 205 void 206 nd6_setmtu(struct ifnet *ifp) 207 { 208 nd6_setmtu0(ifp, ND_IFINFO(ifp)); 209 } 210 211 void 212 nd6_setmtu0(struct ifnet *ifp, struct nd_ifinfo *ndi) 213 { 214 u_int32_t omaxmtu; 215 216 omaxmtu = ndi->maxmtu; 217 218 switch (ifp->if_type) { 219 case IFT_ARCNET: 220 ndi->maxmtu = MIN(ARC_PHDS_MAXMTU, ifp->if_mtu); /* RFC2497 */ 221 break; 222 case IFT_FDDI: 223 ndi->maxmtu = MIN(FDDIIPMTU, ifp->if_mtu); 224 break; 225 default: 226 ndi->maxmtu = ifp->if_mtu; 227 break; 228 } 229 230 /* 231 * Decreasing the interface MTU under IPV6 minimum MTU may cause 232 * undesirable situation. We thus notify the operator of the change 233 * explicitly. The check for omaxmtu is necessary to restrict the 234 * log to the case of changing the MTU, not initializing it. 235 */ 236 if (omaxmtu >= IPV6_MMTU && ndi->maxmtu < IPV6_MMTU) { 237 log(LOG_NOTICE, "nd6_setmtu0: new link MTU on %s (%lu) is too" 238 " small for IPv6 which needs %lu\n", 239 if_name(ifp), (unsigned long)ndi->maxmtu, (unsigned long) 240 IPV6_MMTU); 241 } 242 243 if (ndi->maxmtu > in6_maxmtu) 244 in6_setmaxmtu(); /* check all interfaces just in case */ 245 } 246 247 void 248 nd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts) 249 { 250 251 memset(ndopts, 0, sizeof(*ndopts)); 252 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 253 ndopts->nd_opts_last 254 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 255 256 if (icmp6len == 0) { 257 ndopts->nd_opts_done = 1; 258 ndopts->nd_opts_search = NULL; 259 } 260 } 261 262 /* 263 * Take one ND option. 264 */ 265 struct nd_opt_hdr * 266 nd6_option(union nd_opts *ndopts) 267 { 268 struct nd_opt_hdr *nd_opt; 269 int olen; 270 271 KASSERT(ndopts != NULL); 272 KASSERT(ndopts->nd_opts_last != NULL); 273 274 if (ndopts->nd_opts_search == NULL) 275 return NULL; 276 if (ndopts->nd_opts_done) 277 return NULL; 278 279 nd_opt = ndopts->nd_opts_search; 280 281 /* make sure nd_opt_len is inside the buffer */ 282 if ((void *)&nd_opt->nd_opt_len >= (void *)ndopts->nd_opts_last) { 283 memset(ndopts, 0, sizeof(*ndopts)); 284 return NULL; 285 } 286 287 olen = nd_opt->nd_opt_len << 3; 288 if (olen == 0) { 289 /* 290 * Message validation requires that all included 291 * options have a length that is greater than zero. 292 */ 293 memset(ndopts, 0, sizeof(*ndopts)); 294 return NULL; 295 } 296 297 ndopts->nd_opts_search = (struct nd_opt_hdr *)((char *)nd_opt + olen); 298 if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 299 /* option overruns the end of buffer, invalid */ 300 memset(ndopts, 0, sizeof(*ndopts)); 301 return NULL; 302 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 303 /* reached the end of options chain */ 304 ndopts->nd_opts_done = 1; 305 ndopts->nd_opts_search = NULL; 306 } 307 return nd_opt; 308 } 309 310 /* 311 * Parse multiple ND options. 312 * This function is much easier to use, for ND routines that do not need 313 * multiple options of the same type. 314 */ 315 int 316 nd6_options(union nd_opts *ndopts) 317 { 318 struct nd_opt_hdr *nd_opt; 319 int i = 0; 320 321 KASSERT(ndopts != NULL); 322 KASSERT(ndopts->nd_opts_last != NULL); 323 324 if (ndopts->nd_opts_search == NULL) 325 return 0; 326 327 while (1) { 328 nd_opt = nd6_option(ndopts); 329 if (nd_opt == NULL && ndopts->nd_opts_last == NULL) { 330 /* 331 * Message validation requires that all included 332 * options have a length that is greater than zero. 333 */ 334 ICMP6_STATINC(ICMP6_STAT_ND_BADOPT); 335 memset(ndopts, 0, sizeof(*ndopts)); 336 return -1; 337 } 338 339 if (nd_opt == NULL) 340 goto skip1; 341 342 switch (nd_opt->nd_opt_type) { 343 case ND_OPT_SOURCE_LINKADDR: 344 case ND_OPT_TARGET_LINKADDR: 345 case ND_OPT_MTU: 346 case ND_OPT_REDIRECTED_HEADER: 347 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 348 nd6log((LOG_INFO, 349 "duplicated ND6 option found (type=%d)\n", 350 nd_opt->nd_opt_type)); 351 /* XXX bark? */ 352 } else { 353 ndopts->nd_opt_array[nd_opt->nd_opt_type] 354 = nd_opt; 355 } 356 break; 357 case ND_OPT_PREFIX_INFORMATION: 358 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 359 ndopts->nd_opt_array[nd_opt->nd_opt_type] 360 = nd_opt; 361 } 362 ndopts->nd_opts_pi_end = 363 (struct nd_opt_prefix_info *)nd_opt; 364 break; 365 default: 366 /* 367 * Unknown options must be silently ignored, 368 * to accommodate future extension to the protocol. 369 */ 370 nd6log((LOG_DEBUG, 371 "nd6_options: unsupported option %d - " 372 "option ignored\n", nd_opt->nd_opt_type)); 373 } 374 375 skip1: 376 i++; 377 if (i > nd6_maxndopt) { 378 ICMP6_STATINC(ICMP6_STAT_ND_TOOMANYOPT); 379 nd6log((LOG_INFO, "too many loop in nd opt\n")); 380 break; 381 } 382 383 if (ndopts->nd_opts_done) 384 break; 385 } 386 387 return 0; 388 } 389 390 /* 391 * ND6 timer routine to handle ND6 entries 392 */ 393 void 394 nd6_llinfo_settimer_locked(struct llentry *ln, time_t xtick) 395 { 396 397 CTASSERT(sizeof(time_t) > sizeof(int)); 398 LLE_WLOCK_ASSERT(ln); 399 400 if (xtick < 0) { 401 ln->ln_expire = 0; 402 ln->ln_ntick = 0; 403 callout_halt(&ln->ln_timer_ch, &ln->lle_lock); 404 } else { 405 ln->ln_expire = time_uptime + xtick / hz; 406 LLE_ADDREF(ln); 407 if (xtick > INT_MAX) { 408 ln->ln_ntick = xtick - INT_MAX; 409 callout_reset(&ln->ln_timer_ch, INT_MAX, 410 nd6_llinfo_timer, ln); 411 } else { 412 ln->ln_ntick = 0; 413 callout_reset(&ln->ln_timer_ch, xtick, 414 nd6_llinfo_timer, ln); 415 } 416 } 417 } 418 419 void 420 nd6_llinfo_settimer(struct llentry *ln, time_t xtick) 421 { 422 423 LLE_WLOCK(ln); 424 nd6_llinfo_settimer_locked(ln, xtick); 425 LLE_WUNLOCK(ln); 426 } 427 428 /* 429 * Gets source address of the first packet in hold queue 430 * and stores it in @src. 431 * Returns pointer to @src (if hold queue is not empty) or NULL. 432 */ 433 static struct in6_addr * 434 nd6_llinfo_get_holdsrc(struct llentry *ln, struct in6_addr *src) 435 { 436 struct ip6_hdr *hip6; 437 438 if (ln == NULL || ln->ln_hold == NULL) 439 return NULL; 440 441 /* 442 * assuming every packet in ln_hold has the same IP header 443 */ 444 hip6 = mtod(ln->ln_hold, struct ip6_hdr *); 445 /* XXX pullup? */ 446 if (sizeof(*hip6) < ln->ln_hold->m_len) 447 *src = hip6->ip6_src; 448 else 449 src = NULL; 450 451 return src; 452 } 453 454 static void 455 nd6_llinfo_timer(void *arg) 456 { 457 struct llentry *ln = arg; 458 struct rtentry *rt; 459 const struct sockaddr_in6 *dst; 460 struct ifnet *ifp; 461 struct nd_ifinfo *ndi = NULL; 462 bool send_ns = false; 463 const struct in6_addr *daddr6 = NULL; 464 465 mutex_enter(softnet_lock); 466 KERNEL_LOCK(1, NULL); 467 468 LLE_WLOCK(ln); 469 if (ln->ln_ntick > 0) { 470 nd6_llinfo_settimer_locked(ln, ln->ln_ntick); 471 goto out; 472 } 473 474 if (callout_pending(&ln->la_timer)) { 475 /* 476 * Here we are a bit odd here in the treatment of 477 * active/pending. If the pending bit is set, it got 478 * rescheduled before I ran. The active 479 * bit we ignore, since if it was stopped 480 * in ll_tablefree() and was currently running 481 * it would have return 0 so the code would 482 * not have deleted it since the callout could 483 * not be stopped so we want to go through 484 * with the delete here now. If the callout 485 * was restarted, the pending bit will be back on and 486 * we just want to bail since the callout_reset would 487 * return 1 and our reference would have been removed 488 * by nd6_llinfo_settimer_locked above since canceled 489 * would have been 1. 490 */ 491 goto out; 492 } 493 494 ifp = ln->lle_tbl->llt_ifp; 495 rt = ln->ln_rt; 496 497 KASSERT(rt != NULL); 498 KASSERT(ifp != NULL); 499 500 ndi = ND_IFINFO(ifp); 501 dst = satocsin6(rt_getkey(rt)); 502 503 /* sanity check */ 504 if (rt->rt_llinfo && (struct llentry *)rt->rt_llinfo != ln) 505 panic("rt_llinfo(%p) is not equal to ln(%p)", 506 rt->rt_llinfo, ln); 507 if (!dst) 508 panic("dst=0 in nd6_timer(ln=%p)", ln); 509 510 switch (ln->ln_state) { 511 case ND6_LLINFO_INCOMPLETE: 512 if (ln->ln_asked < nd6_mmaxtries) { 513 ln->ln_asked++; 514 send_ns = true; 515 } else { 516 struct mbuf *m = ln->ln_hold; 517 if (m) { 518 struct mbuf *m0; 519 520 /* 521 * assuming every packet in ln_hold has 522 * the same IP header 523 */ 524 m0 = m->m_nextpkt; 525 m->m_nextpkt = NULL; 526 ln->ln_hold = m0; 527 clear_llinfo_pqueue(ln); 528 } 529 nd6_free(rt, ln, 0); 530 ln = NULL; 531 if (m != NULL) 532 icmp6_error2(m, ICMP6_DST_UNREACH, 533 ICMP6_DST_UNREACH_ADDR, 0, ifp); 534 } 535 break; 536 case ND6_LLINFO_REACHABLE: 537 if (!ND6_LLINFO_PERMANENT(ln)) { 538 ln->ln_state = ND6_LLINFO_STALE; 539 nd6_llinfo_settimer_locked(ln, nd6_gctimer * hz); 540 } 541 break; 542 543 case ND6_LLINFO_PURGE: 544 case ND6_LLINFO_STALE: 545 /* Garbage Collection(RFC 2461 5.3) */ 546 if (!ND6_LLINFO_PERMANENT(ln)) { 547 nd6_free(rt, ln, 1); 548 ln = NULL; 549 } 550 break; 551 552 case ND6_LLINFO_DELAY: 553 if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD) != 0) { 554 /* We need NUD */ 555 ln->ln_asked = 1; 556 ln->ln_state = ND6_LLINFO_PROBE; 557 daddr6 = &dst->sin6_addr; 558 send_ns = true; 559 } else { 560 ln->ln_state = ND6_LLINFO_STALE; /* XXX */ 561 nd6_llinfo_settimer_locked(ln, nd6_gctimer * hz); 562 } 563 break; 564 case ND6_LLINFO_PROBE: 565 if (ln->ln_asked < nd6_umaxtries) { 566 ln->ln_asked++; 567 daddr6 = &dst->sin6_addr; 568 send_ns = true; 569 } else { 570 nd6_free(rt, ln, 0); 571 ln = NULL; 572 } 573 break; 574 } 575 576 if (send_ns) { 577 struct in6_addr src, *psrc; 578 579 nd6_llinfo_settimer_locked(ln, ndi->retrans * hz / 1000); 580 psrc = nd6_llinfo_get_holdsrc(ln, &src); 581 LLE_FREE_LOCKED(ln); 582 ln = NULL; 583 nd6_ns_output(ifp, daddr6, &dst->sin6_addr, psrc, 0); 584 } 585 586 out: 587 if (ln != NULL) 588 LLE_FREE_LOCKED(ln); 589 KERNEL_UNLOCK_ONE(NULL); 590 mutex_exit(softnet_lock); 591 } 592 593 /* 594 * ND6 timer routine to expire default route list and prefix list 595 */ 596 void 597 nd6_timer(void *ignored_arg) 598 { 599 struct nd_defrouter *next_dr, *dr; 600 struct nd_prefix *next_pr, *pr; 601 struct in6_ifaddr *ia6, *nia6; 602 603 callout_reset(&nd6_timer_ch, nd6_prune * hz, 604 nd6_timer, NULL); 605 606 mutex_enter(softnet_lock); 607 KERNEL_LOCK(1, NULL); 608 609 /* expire default router list */ 610 611 TAILQ_FOREACH_SAFE(dr, &nd_defrouter, dr_entry, next_dr) { 612 if (dr->expire && dr->expire < time_uptime) { 613 defrtrlist_del(dr, NULL); 614 } 615 } 616 617 /* 618 * expire interface addresses. 619 * in the past the loop was inside prefix expiry processing. 620 * However, from a stricter speci-confrmance standpoint, we should 621 * rather separate address lifetimes and prefix lifetimes. 622 */ 623 addrloop: 624 for (ia6 = in6_ifaddr; ia6; ia6 = nia6) { 625 nia6 = ia6->ia_next; 626 /* check address lifetime */ 627 if (IFA6_IS_INVALID(ia6)) { 628 int regen = 0; 629 630 /* 631 * If the expiring address is temporary, try 632 * regenerating a new one. This would be useful when 633 * we suspended a laptop PC, then turned it on after a 634 * period that could invalidate all temporary 635 * addresses. Although we may have to restart the 636 * loop (see below), it must be after purging the 637 * address. Otherwise, we'd see an infinite loop of 638 * regeneration. 639 */ 640 if (ip6_use_tempaddr && 641 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0) { 642 if (regen_tmpaddr(ia6) == 0) 643 regen = 1; 644 } 645 646 in6_purgeaddr(&ia6->ia_ifa); 647 648 if (regen) 649 goto addrloop; /* XXX: see below */ 650 } else if (IFA6_IS_DEPRECATED(ia6)) { 651 int oldflags = ia6->ia6_flags; 652 653 if ((oldflags & IN6_IFF_DEPRECATED) == 0) { 654 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 655 rt_newaddrmsg(RTM_NEWADDR, 656 (struct ifaddr *)ia6, 0, NULL); 657 } 658 659 /* 660 * If a temporary address has just become deprecated, 661 * regenerate a new one if possible. 662 */ 663 if (ip6_use_tempaddr && 664 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 665 (oldflags & IN6_IFF_DEPRECATED) == 0) { 666 667 if (regen_tmpaddr(ia6) == 0) { 668 /* 669 * A new temporary address is 670 * generated. 671 * XXX: this means the address chain 672 * has changed while we are still in 673 * the loop. Although the change 674 * would not cause disaster (because 675 * it's not a deletion, but an 676 * addition,) we'd rather restart the 677 * loop just for safety. Or does this 678 * significantly reduce performance?? 679 */ 680 goto addrloop; 681 } 682 } 683 } else { 684 /* 685 * A new RA might have made a deprecated address 686 * preferred. 687 */ 688 if (ia6->ia6_flags & IN6_IFF_DEPRECATED) { 689 ia6->ia6_flags &= ~IN6_IFF_DEPRECATED; 690 rt_newaddrmsg(RTM_NEWADDR, 691 (struct ifaddr *)ia6, 0, NULL); 692 } 693 } 694 } 695 696 /* expire prefix list */ 697 LIST_FOREACH_SAFE(pr, &nd_prefix, ndpr_entry, next_pr) { 698 /* 699 * check prefix lifetime. 700 * since pltime is just for autoconf, pltime processing for 701 * prefix is not necessary. 702 */ 703 if (pr->ndpr_vltime != ND6_INFINITE_LIFETIME && 704 time_uptime - pr->ndpr_lastupdate > pr->ndpr_vltime) { 705 706 /* 707 * address expiration and prefix expiration are 708 * separate. NEVER perform in6_purgeaddr here. 709 */ 710 711 prelist_remove(pr); 712 } 713 } 714 715 KERNEL_UNLOCK_ONE(NULL); 716 mutex_exit(softnet_lock); 717 } 718 719 /* ia6: deprecated/invalidated temporary address */ 720 static int 721 regen_tmpaddr(struct in6_ifaddr *ia6) 722 { 723 struct ifaddr *ifa; 724 struct ifnet *ifp; 725 struct in6_ifaddr *public_ifa6 = NULL; 726 727 ifp = ia6->ia_ifa.ifa_ifp; 728 IFADDR_FOREACH(ifa, ifp) { 729 struct in6_ifaddr *it6; 730 731 if (ifa->ifa_addr->sa_family != AF_INET6) 732 continue; 733 734 it6 = (struct in6_ifaddr *)ifa; 735 736 /* ignore no autoconf addresses. */ 737 if ((it6->ia6_flags & IN6_IFF_AUTOCONF) == 0) 738 continue; 739 740 /* ignore autoconf addresses with different prefixes. */ 741 if (it6->ia6_ndpr == NULL || it6->ia6_ndpr != ia6->ia6_ndpr) 742 continue; 743 744 /* 745 * Now we are looking at an autoconf address with the same 746 * prefix as ours. If the address is temporary and is still 747 * preferred, do not create another one. It would be rare, but 748 * could happen, for example, when we resume a laptop PC after 749 * a long period. 750 */ 751 if ((it6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 752 !IFA6_IS_DEPRECATED(it6)) { 753 public_ifa6 = NULL; 754 break; 755 } 756 757 /* 758 * This is a public autoconf address that has the same prefix 759 * as ours. If it is preferred, keep it. We can't break the 760 * loop here, because there may be a still-preferred temporary 761 * address with the prefix. 762 */ 763 if (!IFA6_IS_DEPRECATED(it6)) 764 public_ifa6 = it6; 765 } 766 767 if (public_ifa6 != NULL) { 768 int e; 769 770 /* 771 * Random factor is introduced in the preferred lifetime, so 772 * we do not need additional delay (3rd arg to in6_tmpifadd). 773 */ 774 if ((e = in6_tmpifadd(public_ifa6, 0, 0)) != 0) { 775 log(LOG_NOTICE, "regen_tmpaddr: failed to create a new" 776 " tmp addr, errno=%d\n", e); 777 return -1; 778 } 779 return 0; 780 } 781 782 return -1; 783 } 784 785 bool 786 nd6_accepts_rtadv(const struct nd_ifinfo *ndi) 787 { 788 switch (ndi->flags & (ND6_IFF_ACCEPT_RTADV|ND6_IFF_OVERRIDE_RTADV)) { 789 case ND6_IFF_OVERRIDE_RTADV|ND6_IFF_ACCEPT_RTADV: 790 return true; 791 case ND6_IFF_ACCEPT_RTADV: 792 return ip6_accept_rtadv != 0; 793 case ND6_IFF_OVERRIDE_RTADV: 794 case 0: 795 default: 796 return false; 797 } 798 } 799 800 /* 801 * Nuke neighbor cache/prefix/default router management table, right before 802 * ifp goes away. 803 */ 804 void 805 nd6_purge(struct ifnet *ifp, struct in6_ifextra *ext) 806 { 807 struct nd_defrouter *dr, *ndr; 808 struct nd_prefix *pr, *npr; 809 810 /* 811 * During detach, the ND info might be already removed, but 812 * then is explitly passed as argument. 813 * Otherwise get it from ifp->if_afdata. 814 */ 815 if (ext == NULL) 816 ext = ifp->if_afdata[AF_INET6]; 817 if (ext == NULL) 818 return; 819 820 /* 821 * Nuke default router list entries toward ifp. 822 * We defer removal of default router list entries that is installed 823 * in the routing table, in order to keep additional side effects as 824 * small as possible. 825 */ 826 TAILQ_FOREACH_SAFE(dr, &nd_defrouter, dr_entry, ndr) { 827 if (dr->installed) 828 continue; 829 830 if (dr->ifp == ifp) { 831 KASSERT(ext != NULL); 832 defrtrlist_del(dr, ext); 833 } 834 } 835 836 TAILQ_FOREACH_SAFE(dr, &nd_defrouter, dr_entry, ndr) { 837 if (!dr->installed) 838 continue; 839 840 if (dr->ifp == ifp) { 841 KASSERT(ext != NULL); 842 defrtrlist_del(dr, ext); 843 } 844 } 845 846 /* Nuke prefix list entries toward ifp */ 847 LIST_FOREACH_SAFE(pr, &nd_prefix, ndpr_entry, npr) { 848 if (pr->ndpr_ifp == ifp) { 849 /* 850 * Because if_detach() does *not* release prefixes 851 * while purging addresses the reference count will 852 * still be above zero. We therefore reset it to 853 * make sure that the prefix really gets purged. 854 */ 855 pr->ndpr_refcnt = 0; 856 /* 857 * Previously, pr->ndpr_addr is removed as well, 858 * but I strongly believe we don't have to do it. 859 * nd6_purge() is only called from in6_ifdetach(), 860 * which removes all the associated interface addresses 861 * by itself. 862 * (jinmei@kame.net 20010129) 863 */ 864 prelist_remove(pr); 865 } 866 } 867 868 /* cancel default outgoing interface setting */ 869 if (nd6_defifindex == ifp->if_index) 870 nd6_setdefaultiface(0); 871 872 /* XXX: too restrictive? */ 873 if (!ip6_forwarding && ifp->if_afdata[AF_INET6]) { 874 struct nd_ifinfo *ndi = ND_IFINFO(ifp); 875 if (ndi && nd6_accepts_rtadv(ndi)) { 876 /* refresh default router list */ 877 defrouter_select(); 878 } 879 } 880 881 /* 882 * We may not need to nuke the neighbor cache entries here 883 * because the neighbor cache is kept in if_afdata[AF_INET6]. 884 * nd6_purge() is invoked by in6_ifdetach() which is called 885 * from if_detach() where everything gets purged. However 886 * in6_ifdetach is directly called from vlan(4), so we still 887 * need to purge entries here. 888 */ 889 if (ext->lltable != NULL) 890 lltable_purge_entries(ext->lltable); 891 } 892 893 static struct rtentry * 894 nd6_lookup1(const struct in6_addr *addr6, int create, struct ifnet *ifp, 895 int cloning) 896 { 897 struct rtentry *rt; 898 struct sockaddr_in6 sin6; 899 900 sockaddr_in6_init(&sin6, addr6, 0, 0, 0); 901 rt = rtalloc1((struct sockaddr *)&sin6, create); 902 if (rt != NULL && (rt->rt_flags & RTF_LLINFO) == 0) { 903 /* 904 * This is the case for the default route. 905 * If we want to create a neighbor cache for the address, we 906 * should free the route for the destination and allocate an 907 * interface route. 908 */ 909 if (create) { 910 rtfree(rt); 911 rt = NULL; 912 } 913 } 914 if (rt != NULL) 915 ; 916 else if (create && ifp) { 917 int e; 918 919 /* 920 * If no route is available and create is set, 921 * we allocate a host route for the destination 922 * and treat it like an interface route. 923 * This hack is necessary for a neighbor which can't 924 * be covered by our own prefix. 925 */ 926 struct ifaddr *ifa = 927 ifaof_ifpforaddr((struct sockaddr *)&sin6, ifp); 928 if (ifa == NULL) 929 return NULL; 930 931 /* 932 * Create a new route. RTF_LLINFO is necessary 933 * to create a Neighbor Cache entry for the 934 * destination in nd6_rtrequest which will be 935 * called in rtrequest via ifa->ifa_rtrequest. 936 */ 937 if ((e = rtrequest(RTM_ADD, (const struct sockaddr *)&sin6, 938 ifa->ifa_addr, (const struct sockaddr *)&all1_sa, 939 (ifa->ifa_flags | RTF_HOST | RTF_LLINFO) & 940 ~RTF_CLONING, &rt)) != 0) { 941 #if 0 942 log(LOG_ERR, 943 "nd6_lookup: failed to add route for a " 944 "neighbor(%s), errno=%d\n", 945 ip6_sprintf(addr6), e); 946 #endif 947 return NULL; 948 } 949 if (rt == NULL) 950 return NULL; 951 if (rt->rt_llinfo) { 952 struct llentry *ln = rt->rt_llinfo; 953 ln->ln_state = ND6_LLINFO_NOSTATE; 954 } 955 } else 956 return NULL; 957 958 /* 959 * Check for a cloning route to match the address. 960 * This should only be set from in6_is_addr_neighbor so we avoid 961 * a potentially expensive second call to rtalloc1. 962 */ 963 if (cloning && 964 rt->rt_flags & (RTF_CLONING | RTF_CLONED) && 965 (rt->rt_ifp == ifp 966 #if NBRIDGE > 0 967 || rt->rt_ifp->if_bridge == ifp->if_bridge 968 #endif 969 #if NCARP > 0 970 || (ifp->if_type == IFT_CARP && rt->rt_ifp == ifp->if_carpdev) || 971 (rt->rt_ifp->if_type == IFT_CARP && rt->rt_ifp->if_carpdev == ifp)|| 972 (ifp->if_type == IFT_CARP && rt->rt_ifp->if_type == IFT_CARP && 973 rt->rt_ifp->if_carpdev == ifp->if_carpdev) 974 #endif 975 )) 976 return rt; 977 978 /* 979 * Validation for the entry. 980 * Note that the check for rt_llinfo is necessary because a cloned 981 * route from a parent route that has the L flag (e.g. the default 982 * route to a p2p interface) may have the flag, too, while the 983 * destination is not actually a neighbor. 984 * XXX: we can't use rt->rt_ifp to check for the interface, since 985 * it might be the loopback interface if the entry is for our 986 * own address on a non-loopback interface. Instead, we should 987 * use rt->rt_ifa->ifa_ifp, which would specify the REAL 988 * interface. 989 * Note also that ifa_ifp and ifp may differ when we connect two 990 * interfaces to a same link, install a link prefix to an interface, 991 * and try to install a neighbor cache on an interface that does not 992 * have a route to the prefix. 993 */ 994 if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 || 995 rt->rt_gateway->sa_family != AF_LINK || rt->rt_llinfo == NULL || 996 (ifp && rt->rt_ifa->ifa_ifp != ifp)) { 997 if (create) { 998 nd6log((LOG_DEBUG, 999 "nd6_lookup: failed to lookup %s (if = %s)\n", 1000 ip6_sprintf(addr6), 1001 ifp ? if_name(ifp) : "unspec")); 1002 } 1003 rtfree(rt); 1004 return NULL; 1005 } 1006 return rt; 1007 } 1008 1009 struct rtentry * 1010 nd6_lookup(const struct in6_addr *addr6, int create, struct ifnet *ifp) 1011 { 1012 1013 return nd6_lookup1(addr6, create, ifp, 0); 1014 } 1015 1016 /* 1017 * Detect if a given IPv6 address identifies a neighbor on a given link. 1018 * XXX: should take care of the destination of a p2p link? 1019 */ 1020 int 1021 nd6_is_addr_neighbor(const struct sockaddr_in6 *addr, struct ifnet *ifp) 1022 { 1023 struct nd_prefix *pr; 1024 struct rtentry *rt; 1025 1026 /* 1027 * A link-local address is always a neighbor. 1028 * XXX: a link does not necessarily specify a single interface. 1029 */ 1030 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr)) { 1031 struct sockaddr_in6 sin6_copy; 1032 u_int32_t zone; 1033 1034 /* 1035 * We need sin6_copy since sa6_recoverscope() may modify the 1036 * content (XXX). 1037 */ 1038 sin6_copy = *addr; 1039 if (sa6_recoverscope(&sin6_copy)) 1040 return 0; /* XXX: should be impossible */ 1041 if (in6_setscope(&sin6_copy.sin6_addr, ifp, &zone)) 1042 return 0; 1043 if (sin6_copy.sin6_scope_id == zone) 1044 return 1; 1045 else 1046 return 0; 1047 } 1048 1049 /* 1050 * If the address matches one of our on-link prefixes, it should be a 1051 * neighbor. 1052 */ 1053 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) { 1054 if (pr->ndpr_ifp != ifp) 1055 continue; 1056 1057 if (!(pr->ndpr_stateflags & NDPRF_ONLINK)) 1058 continue; 1059 1060 if (IN6_ARE_MASKED_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr, 1061 &addr->sin6_addr, &pr->ndpr_mask)) 1062 return 1; 1063 } 1064 1065 /* 1066 * If the default router list is empty, all addresses are regarded 1067 * as on-link, and thus, as a neighbor. 1068 * XXX: we restrict the condition to hosts, because routers usually do 1069 * not have the "default router list". 1070 */ 1071 if (!ip6_forwarding && TAILQ_FIRST(&nd_defrouter) == NULL && 1072 nd6_defifindex == ifp->if_index) { 1073 return 1; 1074 } 1075 1076 /* 1077 * Even if the address matches none of our addresses, it might match 1078 * a cloning route or be in the neighbor cache. 1079 */ 1080 rt = nd6_lookup1(&addr->sin6_addr, 0, ifp, 1); 1081 if (rt != NULL) { 1082 rtfree(rt); 1083 return 1; 1084 } 1085 1086 return 0; 1087 } 1088 1089 /* 1090 * Free an nd6 llinfo entry. 1091 * Since the function would cause significant changes in the kernel, DO NOT 1092 * make it global, unless you have a strong reason for the change, and are sure 1093 * that the change is safe. 1094 */ 1095 static void 1096 nd6_free(struct rtentry *rt, struct llentry *ln, int gc) 1097 { 1098 struct in6_addr in6 = satocsin6(rt_getkey(rt))->sin6_addr; 1099 struct nd_defrouter *dr; 1100 int error; 1101 1102 KASSERT(ln != NULL); 1103 KASSERT(ln == rt->rt_llinfo); 1104 LLE_WLOCK_ASSERT(ln); 1105 1106 /* 1107 * we used to have pfctlinput(PRC_HOSTDEAD) here. 1108 * even though it is not harmful, it was not really necessary. 1109 */ 1110 1111 /* cancel timer */ 1112 nd6_llinfo_settimer_locked(ln, -1); 1113 1114 if (!ip6_forwarding) { 1115 int s; 1116 s = splsoftnet(); 1117 dr = defrouter_lookup(&satocsin6(rt_getkey(rt))->sin6_addr, 1118 rt->rt_ifp); 1119 1120 if (dr != NULL && dr->expire && 1121 ln->ln_state == ND6_LLINFO_STALE && gc) { 1122 /* 1123 * If the reason for the deletion is just garbage 1124 * collection, and the neighbor is an active default 1125 * router, do not delete it. Instead, reset the GC 1126 * timer using the router's lifetime. 1127 * Simply deleting the entry would affect default 1128 * router selection, which is not necessarily a good 1129 * thing, especially when we're using router preference 1130 * values. 1131 * XXX: the check for ln_state would be redundant, 1132 * but we intentionally keep it just in case. 1133 */ 1134 if (dr->expire > time_uptime) 1135 nd6_llinfo_settimer_locked(ln, 1136 (dr->expire - time_uptime) * hz); 1137 else 1138 nd6_llinfo_settimer_locked(ln, 1139 nd6_gctimer * hz); 1140 splx(s); 1141 LLE_WUNLOCK(ln); 1142 return; 1143 } 1144 1145 if (ln->ln_router || dr) { 1146 /* 1147 * rt6_flush must be called whether or not the neighbor 1148 * is in the Default Router List. 1149 * See a corresponding comment in nd6_na_input(). 1150 */ 1151 rt6_flush(&in6, rt->rt_ifp); 1152 } 1153 1154 if (dr) { 1155 /* 1156 * Unreachablity of a router might affect the default 1157 * router selection and on-link detection of advertised 1158 * prefixes. 1159 */ 1160 1161 /* 1162 * Temporarily fake the state to choose a new default 1163 * router and to perform on-link determination of 1164 * prefixes correctly. 1165 * Below the state will be set correctly, 1166 * or the entry itself will be deleted. 1167 */ 1168 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1169 1170 /* 1171 * Since defrouter_select() does not affect the 1172 * on-link determination and MIP6 needs the check 1173 * before the default router selection, we perform 1174 * the check now. 1175 */ 1176 pfxlist_onlink_check(); 1177 1178 /* 1179 * refresh default router list 1180 */ 1181 defrouter_select(); 1182 } 1183 splx(s); 1184 } 1185 1186 LLE_WUNLOCK(ln); 1187 /* 1188 * Detach the route from the routing tree and the list of neighbor 1189 * caches, and disable the route entry not to be used in already 1190 * cached routes. 1191 */ 1192 error = rtrequest_newmsg(RTM_DELETE, rt_getkey(rt), NULL, 1193 rt_mask(rt), 0); 1194 if (error != 0) { 1195 /* XXX need error message? */; 1196 } 1197 } 1198 1199 /* 1200 * Upper-layer reachability hint for Neighbor Unreachability Detection. 1201 * 1202 * XXX cost-effective methods? 1203 */ 1204 void 1205 nd6_nud_hint(struct rtentry *rt) 1206 { 1207 struct llentry *ln; 1208 1209 if (rt == NULL) 1210 return; 1211 1212 if ((rt->rt_flags & RTF_GATEWAY) != 0 || 1213 (rt->rt_flags & RTF_LLINFO) == 0 || 1214 !rt->rt_llinfo || !rt->rt_gateway || 1215 rt->rt_gateway->sa_family != AF_LINK) { 1216 /* This is not a host route. */ 1217 return; 1218 } 1219 1220 ln = rt->rt_llinfo; 1221 if (ln->ln_state < ND6_LLINFO_REACHABLE) 1222 return; 1223 1224 /* 1225 * if we get upper-layer reachability confirmation many times, 1226 * it is possible we have false information. 1227 */ 1228 ln->ln_byhint++; 1229 if (ln->ln_byhint > nd6_maxnudhint) 1230 return; 1231 1232 ln->ln_state = ND6_LLINFO_REACHABLE; 1233 if (!ND6_LLINFO_PERMANENT(ln)) { 1234 nd6_llinfo_settimer(ln, 1235 ND_IFINFO(rt->rt_ifp)->reachable * hz); 1236 } 1237 1238 return; 1239 } 1240 1241 static int 1242 nd6_purge_entry(struct lltable *llt, struct llentry *ln, void *farg) 1243 { 1244 int *n = farg; 1245 1246 if (*n <= 0) 1247 return 0; 1248 1249 if (ND6_LLINFO_PERMANENT(ln)) 1250 return 0; 1251 1252 LLE_WLOCK(ln); 1253 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) 1254 ln->ln_state = ND6_LLINFO_STALE; 1255 else 1256 ln->ln_state = ND6_LLINFO_PURGE; 1257 nd6_llinfo_settimer_locked(ln, 0); 1258 LLE_WUNLOCK(ln); 1259 1260 (*n)--; 1261 return 0; 1262 } 1263 1264 static void 1265 nd6_gc_neighbors(struct lltable *llt) 1266 { 1267 int max_gc_entries = 10; 1268 1269 if (ip6_neighborgcthresh >= 0 && 1270 lltable_get_entry_count(llt) >= ip6_neighborgcthresh) { 1271 /* 1272 * XXX entries that are "less recently used" should be 1273 * freed first. 1274 */ 1275 lltable_foreach_lle(llt, nd6_purge_entry, &max_gc_entries); 1276 } 1277 } 1278 1279 void 1280 nd6_rtrequest(int req, struct rtentry *rt, const struct rt_addrinfo *info) 1281 { 1282 struct sockaddr *gate = rt->rt_gateway; 1283 struct llentry *ln; 1284 struct ifnet *ifp = rt->rt_ifp; 1285 uint8_t namelen = strlen(ifp->if_xname), addrlen = ifp->if_addrlen; 1286 struct ifaddr *ifa; 1287 int flags = 0; 1288 bool use_lo0ifp = false; 1289 1290 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1291 1292 if (req == RTM_LLINFO_UPD) { 1293 int rc; 1294 struct in6_addr *in6; 1295 struct in6_addr in6_all; 1296 int anycast; 1297 1298 if ((ifa = info->rti_ifa) == NULL) 1299 return; 1300 1301 in6 = &ifatoia6(ifa)->ia_addr.sin6_addr; 1302 anycast = ifatoia6(ifa)->ia6_flags & IN6_IFF_ANYCAST; 1303 1304 in6_all = in6addr_linklocal_allnodes; 1305 if ((rc = in6_setscope(&in6_all, ifa->ifa_ifp, NULL)) != 0) { 1306 log(LOG_ERR, "%s: failed to set scope %s " 1307 "(errno=%d)\n", __func__, if_name(ifp), rc); 1308 return; 1309 } 1310 1311 /* XXX don't set Override for proxy addresses */ 1312 nd6_na_output(ifa->ifa_ifp, &in6_all, in6, 1313 (anycast ? 0 : ND_NA_FLAG_OVERRIDE) 1314 #if 0 1315 | (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0) 1316 #endif 1317 , 1, NULL); 1318 return; 1319 } 1320 1321 if ((rt->rt_flags & RTF_GATEWAY) != 0) 1322 return; 1323 1324 if (nd6_need_cache(ifp) == 0 && (rt->rt_flags & RTF_HOST) == 0) { 1325 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1326 /* 1327 * This is probably an interface direct route for a link 1328 * which does not need neighbor caches (e.g. fe80::%lo0/64). 1329 * We do not need special treatment below for such a route. 1330 * Moreover, the RTF_LLINFO flag which would be set below 1331 * would annoy the ndp(8) command. 1332 */ 1333 return; 1334 } 1335 1336 IF_AFDATA_RLOCK(ifp); 1337 ln = lla_lookup(LLTABLE6(ifp), flags, rt_getkey(rt)); 1338 IF_AFDATA_RUNLOCK(ifp); 1339 1340 if (req == RTM_RESOLVE && 1341 (nd6_need_cache(ifp) == 0 || /* stf case */ 1342 !nd6_is_addr_neighbor(satocsin6(rt_getkey(rt)), ifp))) { 1343 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1344 /* 1345 * FreeBSD and BSD/OS often make a cloned host route based 1346 * on a less-specific route (e.g. the default route). 1347 * If the less specific route does not have a "gateway" 1348 * (this is the case when the route just goes to a p2p or an 1349 * stf interface), we'll mistakenly make a neighbor cache for 1350 * the host route, and will see strange neighbor solicitation 1351 * for the corresponding destination. In order to avoid the 1352 * confusion, we check if the destination of the route is 1353 * a neighbor in terms of neighbor discovery, and stop the 1354 * process if not. Additionally, we remove the LLINFO flag 1355 * so that ndp(8) will not try to get the neighbor information 1356 * of the destination. 1357 */ 1358 rt->rt_flags &= ~RTF_LLINFO; 1359 return; 1360 } 1361 1362 switch (req) { 1363 case RTM_ADD: 1364 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1365 /* 1366 * There is no backward compatibility :) 1367 * 1368 * if ((rt->rt_flags & RTF_HOST) == 0 && 1369 * SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff) 1370 * rt->rt_flags |= RTF_CLONING; 1371 */ 1372 if ((rt->rt_flags & RTF_CLONING) || 1373 ((rt->rt_flags & (RTF_LLINFO | RTF_LOCAL)) && ln == NULL)) { 1374 union { 1375 struct sockaddr sa; 1376 struct sockaddr_dl sdl; 1377 struct sockaddr_storage ss; 1378 } u; 1379 /* 1380 * Case 1: This route should come from a route to 1381 * interface (RTF_CLONING case) or the route should be 1382 * treated as on-link but is currently not 1383 * (RTF_LLINFO && ln == NULL case). 1384 */ 1385 if (sockaddr_dl_init(&u.sdl, sizeof(u.ss), 1386 ifp->if_index, ifp->if_type, 1387 NULL, namelen, NULL, addrlen) == NULL) { 1388 printf("%s.%d: sockaddr_dl_init(, %zu, ) " 1389 "failed on %s\n", __func__, __LINE__, 1390 sizeof(u.ss), if_name(ifp)); 1391 } 1392 rt_setgate(rt, &u.sa); 1393 gate = rt->rt_gateway; 1394 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1395 if (ln != NULL) 1396 nd6_llinfo_settimer_locked(ln, 0); 1397 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1398 if ((rt->rt_flags & RTF_CLONING) != 0) 1399 break; 1400 } 1401 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1402 /* 1403 * In IPv4 code, we try to annonuce new RTF_ANNOUNCE entry here. 1404 * We don't do that here since llinfo is not ready yet. 1405 * 1406 * There are also couple of other things to be discussed: 1407 * - unsolicited NA code needs improvement beforehand 1408 * - RFC2461 says we MAY send multicast unsolicited NA 1409 * (7.2.6 paragraph 4), however, it also says that we 1410 * SHOULD provide a mechanism to prevent multicast NA storm. 1411 * we don't have anything like it right now. 1412 * note that the mechanism needs a mutual agreement 1413 * between proxies, which means that we need to implement 1414 * a new protocol, or a new kludge. 1415 * - from RFC2461 6.2.4, host MUST NOT send an unsolicited NA. 1416 * we need to check ip6forwarding before sending it. 1417 * (or should we allow proxy ND configuration only for 1418 * routers? there's no mention about proxy ND from hosts) 1419 */ 1420 #if 0 1421 /* XXX it does not work */ 1422 if (rt->rt_flags & RTF_ANNOUNCE) 1423 nd6_na_output(ifp, 1424 &satocsin6(rt_getkey(rt))->sin6_addr, 1425 &satocsin6(rt_getkey(rt))->sin6_addr, 1426 ip6_forwarding ? ND_NA_FLAG_ROUTER : 0, 1427 1, NULL); 1428 #endif 1429 /* FALLTHROUGH */ 1430 case RTM_RESOLVE: 1431 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) == 0) { 1432 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1433 /* 1434 * Address resolution isn't necessary for a point to 1435 * point link, so we can skip this test for a p2p link. 1436 */ 1437 if (gate->sa_family != AF_LINK || 1438 gate->sa_len < 1439 sockaddr_dl_measure(namelen, addrlen)) { 1440 log(LOG_DEBUG, 1441 "nd6_rtrequest: bad gateway value: %s\n", 1442 if_name(ifp)); 1443 break; 1444 } 1445 satosdl(gate)->sdl_type = ifp->if_type; 1446 satosdl(gate)->sdl_index = ifp->if_index; 1447 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1448 } 1449 if (ln != NULL) 1450 break; /* This happens on a route change */ 1451 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1452 1453 /* Determine to use lo0ifp or not before lla_create */ 1454 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, 1455 &satocsin6(rt_getkey(rt))->sin6_addr); 1456 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1457 if (ifa != NULL && nd6_useloopback) 1458 use_lo0ifp = true; 1459 1460 /* 1461 * Case 2: This route may come from cloning, or a manual route 1462 * add with a LL address. 1463 */ 1464 flags = LLE_EXCLUSIVE; 1465 if ((rt->rt_flags & RTF_CLONED) == 0) 1466 flags |= LLE_IFADDR; 1467 1468 #define _IFP() (use_lo0ifp ? lo0ifp : ifp) 1469 IF_AFDATA_WLOCK(_IFP()); 1470 ln = lla_create(LLTABLE6(_IFP()), flags, rt_getkey(rt)); 1471 IF_AFDATA_WUNLOCK(_IFP()); 1472 1473 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1474 if (ln == NULL) { 1475 log(LOG_DEBUG, "nd6_rtrequest: malloc failed\n"); 1476 break; 1477 } 1478 1479 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1480 nd6_inuse++; 1481 nd6_allocated++; 1482 ln->ln_rt = rt; 1483 rt->rt_refcnt++; 1484 rt->rt_llinfo = ln; 1485 LLE_ADDREF(ln); 1486 rt->rt_flags |= RTF_LLINFO; 1487 switch (_IFP()->if_type) { 1488 #if NTOKEN > 0 1489 case IFT_ISO88025: 1490 ln->la_opaque = kmem_alloc(sizeof(struct token_rif), 1491 KM_SLEEP); 1492 break; 1493 #endif /* NTOKEN > 0 */ 1494 default: 1495 break; 1496 } 1497 #undef _IFP 1498 1499 /* this is required for "ndp" command. - shin */ 1500 if (req == RTM_ADD) { 1501 /* 1502 * gate should have some valid AF_LINK entry, 1503 * and ln->ln_expire should have some lifetime 1504 * which is specified by ndp command. 1505 */ 1506 ln->ln_state = ND6_LLINFO_REACHABLE; 1507 ln->ln_byhint = 0; 1508 } else { 1509 /* 1510 * When req == RTM_RESOLVE, rt is created and 1511 * initialized in rtrequest(), so rt_expire is 0. 1512 */ 1513 ln->ln_state = ND6_LLINFO_NOSTATE; 1514 nd6_llinfo_settimer_locked(ln, 0); 1515 } 1516 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1517 1518 /* 1519 * check if rt_getkey(rt) is an address assigned 1520 * to the interface. 1521 */ 1522 if (ifa != NULL) { 1523 const void *mac; 1524 nd6_llinfo_settimer_locked(ln, -1); 1525 ln->ln_state = ND6_LLINFO_REACHABLE; 1526 ln->ln_byhint = 0; 1527 if ((mac = nd6_ifptomac(ifp)) != NULL) { 1528 /* XXX check for error */ 1529 if (sockaddr_dl_setaddr(satosdl(gate), 1530 gate->sa_len, mac, 1531 ifp->if_addrlen) == NULL) { 1532 printf("%s.%d: " 1533 "sockaddr_dl_setaddr(, %d, ) " 1534 "failed on %s\n", __func__, 1535 __LINE__, gate->sa_len, 1536 if_name(ifp)); 1537 } 1538 } 1539 if (nd6_useloopback) { 1540 ifp = rt->rt_ifp = lo0ifp; /* XXX */ 1541 /* 1542 * Make sure rt_ifa be equal to the ifaddr 1543 * corresponding to the address. 1544 * We need this because when we refer 1545 * rt_ifa->ia6_flags in ip6_input, we assume 1546 * that the rt_ifa points to the address instead 1547 * of the loopback address. 1548 */ 1549 if (ifa != rt->rt_ifa) 1550 rt_replace_ifa(rt, ifa); 1551 rt->rt_rmx.rmx_mtu = 0; 1552 rt->rt_flags &= ~RTF_CLONED; 1553 } 1554 rt->rt_flags |= RTF_LOCAL; 1555 } else if (rt->rt_flags & RTF_ANNOUNCE) { 1556 nd6_llinfo_settimer_locked(ln, -1); 1557 ln->ln_state = ND6_LLINFO_REACHABLE; 1558 ln->ln_byhint = 0; 1559 1560 /* join solicited node multicast for proxy ND */ 1561 if (ifp->if_flags & IFF_MULTICAST) { 1562 struct in6_addr llsol; 1563 int error; 1564 1565 llsol = satocsin6(rt_getkey(rt))->sin6_addr; 1566 llsol.s6_addr32[0] = htonl(0xff020000); 1567 llsol.s6_addr32[1] = 0; 1568 llsol.s6_addr32[2] = htonl(1); 1569 llsol.s6_addr8[12] = 0xff; 1570 if (in6_setscope(&llsol, ifp, NULL)) 1571 break; 1572 if (!in6_addmulti(&llsol, ifp, &error, 0)) { 1573 nd6log((LOG_ERR, "%s: failed to join " 1574 "%s (errno=%d)\n", if_name(ifp), 1575 ip6_sprintf(&llsol), error)); 1576 } 1577 } 1578 } 1579 LLE_WUNLOCK(ln); 1580 /* 1581 * If we have too many cache entries, initiate immediate 1582 * purging for some entries. 1583 */ 1584 nd6_gc_neighbors(ln->lle_tbl); 1585 ln = NULL; 1586 1587 break; 1588 1589 case RTM_DELETE: 1590 if (ln == NULL) 1591 break; 1592 /* leave from solicited node multicast for proxy ND */ 1593 if ((rt->rt_flags & RTF_ANNOUNCE) != 0 && 1594 (ifp->if_flags & IFF_MULTICAST) != 0) { 1595 struct in6_addr llsol; 1596 struct in6_multi *in6m; 1597 1598 llsol = satocsin6(rt_getkey(rt))->sin6_addr; 1599 llsol.s6_addr32[0] = htonl(0xff020000); 1600 llsol.s6_addr32[1] = 0; 1601 llsol.s6_addr32[2] = htonl(1); 1602 llsol.s6_addr8[12] = 0xff; 1603 if (in6_setscope(&llsol, ifp, NULL) == 0) { 1604 IN6_LOOKUP_MULTI(llsol, ifp, in6m); 1605 if (in6m) 1606 in6_delmulti(in6m); 1607 } 1608 } 1609 nd6_inuse--; 1610 rt->rt_llinfo = NULL; 1611 rt->rt_flags &= ~RTF_LLINFO; 1612 1613 /* Have to do before IF_AFDATA_WLOCK to avoid deadlock */ 1614 callout_halt(&ln->la_timer, &ln->lle_lock); 1615 /* XXX: LOR avoidance. We still have ref on lle. */ 1616 LLE_RUNLOCK(ln); 1617 1618 IF_AFDATA_WLOCK(ifp); 1619 LLE_WLOCK(ln); 1620 1621 clear_llinfo_pqueue(ln); 1622 if (ln->la_opaque != NULL) { 1623 switch (ifp->if_type) { 1624 #if NTOKEN > 0 1625 case IFT_ISO88025: 1626 kmem_free(ln->la_opaque, 1627 sizeof(struct token_rif)); 1628 break; 1629 #endif /* NTOKEN > 0 */ 1630 default: 1631 break; 1632 } 1633 } 1634 1635 if (ln->la_rt != NULL) { 1636 /* 1637 * Don't rtfree (may actually free objects) here. 1638 * Leave it to rtrequest1. 1639 */ 1640 ln->la_rt->rt_refcnt--; 1641 ln->la_rt = NULL; 1642 } 1643 /* Guard against race with other llentry_free(). */ 1644 if (ln->la_flags & LLE_LINKED) { 1645 LLE_REMREF(ln); 1646 llentry_free(ln); 1647 } else { 1648 LLE_FREE_LOCKED(ln); 1649 } 1650 1651 IF_AFDATA_WUNLOCK(ifp); 1652 ln = NULL; 1653 } 1654 1655 if (ln != NULL) { 1656 if (flags & LLE_EXCLUSIVE) 1657 LLE_WUNLOCK(ln); 1658 else 1659 LLE_RUNLOCK(ln); 1660 } 1661 } 1662 1663 int 1664 nd6_ioctl(u_long cmd, void *data, struct ifnet *ifp) 1665 { 1666 struct in6_drlist *drl = (struct in6_drlist *)data; 1667 struct in6_oprlist *oprl = (struct in6_oprlist *)data; 1668 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1669 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1670 struct in6_ndifreq *ndif = (struct in6_ndifreq *)data; 1671 struct nd_defrouter *dr; 1672 struct nd_prefix *pr; 1673 int i = 0, error = 0; 1674 int s; 1675 1676 switch (cmd) { 1677 case SIOCGDRLST_IN6: 1678 /* 1679 * obsolete API, use sysctl under net.inet6.icmp6 1680 */ 1681 memset(drl, 0, sizeof(*drl)); 1682 s = splsoftnet(); 1683 TAILQ_FOREACH(dr, &nd_defrouter, dr_entry) { 1684 if (i >= DRLSTSIZ) 1685 break; 1686 drl->defrouter[i].rtaddr = dr->rtaddr; 1687 in6_clearscope(&drl->defrouter[i].rtaddr); 1688 1689 drl->defrouter[i].flags = dr->flags; 1690 drl->defrouter[i].rtlifetime = dr->rtlifetime; 1691 drl->defrouter[i].expire = dr->expire ? 1692 time_mono_to_wall(dr->expire) : 0; 1693 drl->defrouter[i].if_index = dr->ifp->if_index; 1694 i++; 1695 } 1696 splx(s); 1697 break; 1698 case SIOCGPRLST_IN6: 1699 /* 1700 * obsolete API, use sysctl under net.inet6.icmp6 1701 * 1702 * XXX the structure in6_prlist was changed in backward- 1703 * incompatible manner. in6_oprlist is used for SIOCGPRLST_IN6, 1704 * in6_prlist is used for nd6_sysctl() - fill_prlist(). 1705 */ 1706 /* 1707 * XXX meaning of fields, especialy "raflags", is very 1708 * differnet between RA prefix list and RR/static prefix list. 1709 * how about separating ioctls into two? 1710 */ 1711 memset(oprl, 0, sizeof(*oprl)); 1712 s = splsoftnet(); 1713 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) { 1714 struct nd_pfxrouter *pfr; 1715 int j; 1716 1717 if (i >= PRLSTSIZ) 1718 break; 1719 oprl->prefix[i].prefix = pr->ndpr_prefix.sin6_addr; 1720 oprl->prefix[i].raflags = pr->ndpr_raf; 1721 oprl->prefix[i].prefixlen = pr->ndpr_plen; 1722 oprl->prefix[i].vltime = pr->ndpr_vltime; 1723 oprl->prefix[i].pltime = pr->ndpr_pltime; 1724 oprl->prefix[i].if_index = pr->ndpr_ifp->if_index; 1725 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME) 1726 oprl->prefix[i].expire = 0; 1727 else { 1728 time_t maxexpire; 1729 1730 /* XXX: we assume time_t is signed. */ 1731 maxexpire = (-1) & 1732 ~((time_t)1 << 1733 ((sizeof(maxexpire) * 8) - 1)); 1734 if (pr->ndpr_vltime < 1735 maxexpire - pr->ndpr_lastupdate) { 1736 time_t expire; 1737 expire = pr->ndpr_lastupdate + 1738 pr->ndpr_vltime; 1739 oprl->prefix[i].expire = expire ? 1740 time_mono_to_wall(expire) : 0; 1741 } else 1742 oprl->prefix[i].expire = maxexpire; 1743 } 1744 1745 j = 0; 1746 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) { 1747 if (j < DRLSTSIZ) { 1748 #define RTRADDR oprl->prefix[i].advrtr[j] 1749 RTRADDR = pfr->router->rtaddr; 1750 in6_clearscope(&RTRADDR); 1751 #undef RTRADDR 1752 } 1753 j++; 1754 } 1755 oprl->prefix[i].advrtrs = j; 1756 oprl->prefix[i].origin = PR_ORIG_RA; 1757 1758 i++; 1759 } 1760 splx(s); 1761 1762 break; 1763 case OSIOCGIFINFO_IN6: 1764 #define ND ndi->ndi 1765 /* XXX: old ndp(8) assumes a positive value for linkmtu. */ 1766 memset(&ND, 0, sizeof(ND)); 1767 ND.linkmtu = IN6_LINKMTU(ifp); 1768 ND.maxmtu = ND_IFINFO(ifp)->maxmtu; 1769 ND.basereachable = ND_IFINFO(ifp)->basereachable; 1770 ND.reachable = ND_IFINFO(ifp)->reachable; 1771 ND.retrans = ND_IFINFO(ifp)->retrans; 1772 ND.flags = ND_IFINFO(ifp)->flags; 1773 ND.recalctm = ND_IFINFO(ifp)->recalctm; 1774 ND.chlim = ND_IFINFO(ifp)->chlim; 1775 break; 1776 case SIOCGIFINFO_IN6: 1777 ND = *ND_IFINFO(ifp); 1778 break; 1779 case SIOCSIFINFO_IN6: 1780 /* 1781 * used to change host variables from userland. 1782 * intented for a use on router to reflect RA configurations. 1783 */ 1784 /* 0 means 'unspecified' */ 1785 if (ND.linkmtu != 0) { 1786 if (ND.linkmtu < IPV6_MMTU || 1787 ND.linkmtu > IN6_LINKMTU(ifp)) { 1788 error = EINVAL; 1789 break; 1790 } 1791 ND_IFINFO(ifp)->linkmtu = ND.linkmtu; 1792 } 1793 1794 if (ND.basereachable != 0) { 1795 int obasereachable = ND_IFINFO(ifp)->basereachable; 1796 1797 ND_IFINFO(ifp)->basereachable = ND.basereachable; 1798 if (ND.basereachable != obasereachable) 1799 ND_IFINFO(ifp)->reachable = 1800 ND_COMPUTE_RTIME(ND.basereachable); 1801 } 1802 if (ND.retrans != 0) 1803 ND_IFINFO(ifp)->retrans = ND.retrans; 1804 if (ND.chlim != 0) 1805 ND_IFINFO(ifp)->chlim = ND.chlim; 1806 /* FALLTHROUGH */ 1807 case SIOCSIFINFO_FLAGS: 1808 { 1809 struct ifaddr *ifa; 1810 struct in6_ifaddr *ia; 1811 1812 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) && 1813 !(ND.flags & ND6_IFF_IFDISABLED)) 1814 { 1815 /* 1816 * If the interface is marked as ND6_IFF_IFDISABLED and 1817 * has a link-local address with IN6_IFF_DUPLICATED, 1818 * do not clear ND6_IFF_IFDISABLED. 1819 * See RFC 4862, section 5.4.5. 1820 */ 1821 int duplicated_linklocal = 0; 1822 1823 IFADDR_FOREACH(ifa, ifp) { 1824 if (ifa->ifa_addr->sa_family != AF_INET6) 1825 continue; 1826 ia = (struct in6_ifaddr *)ifa; 1827 if ((ia->ia6_flags & IN6_IFF_DUPLICATED) && 1828 IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia))) 1829 { 1830 duplicated_linklocal = 1; 1831 break; 1832 } 1833 } 1834 1835 if (duplicated_linklocal) { 1836 ND.flags |= ND6_IFF_IFDISABLED; 1837 log(LOG_ERR, "Cannot enable an interface" 1838 " with a link-local address marked" 1839 " duplicate.\n"); 1840 } else { 1841 ND_IFINFO(ifp)->flags &= ~ND6_IFF_IFDISABLED; 1842 if (ifp->if_flags & IFF_UP) 1843 in6_if_up(ifp); 1844 } 1845 } else if (!(ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) && 1846 (ND.flags & ND6_IFF_IFDISABLED)) 1847 { 1848 /* Mark all IPv6 addresses as tentative. */ 1849 1850 ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED; 1851 IFADDR_FOREACH(ifa, ifp) { 1852 if (ifa->ifa_addr->sa_family != AF_INET6) 1853 continue; 1854 nd6_dad_stop(ifa); 1855 ia = (struct in6_ifaddr *)ifa; 1856 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1857 } 1858 } 1859 1860 if (ND.flags & ND6_IFF_AUTO_LINKLOCAL) { 1861 if (!(ND_IFINFO(ifp)->flags & ND6_IFF_AUTO_LINKLOCAL)) { 1862 /* auto_linklocal 0->1 transition */ 1863 1864 ND_IFINFO(ifp)->flags |= ND6_IFF_AUTO_LINKLOCAL; 1865 in6_ifattach(ifp, NULL); 1866 } else if (!(ND.flags & ND6_IFF_IFDISABLED) && 1867 ifp->if_flags & IFF_UP) 1868 { 1869 /* 1870 * When the IF already has 1871 * ND6_IFF_AUTO_LINKLOCAL, no link-local 1872 * address is assigned, and IFF_UP, try to 1873 * assign one. 1874 */ 1875 int haslinklocal = 0; 1876 1877 IFADDR_FOREACH(ifa, ifp) { 1878 if (ifa->ifa_addr->sa_family !=AF_INET6) 1879 continue; 1880 ia = (struct in6_ifaddr *)ifa; 1881 if (IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia))){ 1882 haslinklocal = 1; 1883 break; 1884 } 1885 } 1886 if (!haslinklocal) 1887 in6_ifattach(ifp, NULL); 1888 } 1889 } 1890 } 1891 ND_IFINFO(ifp)->flags = ND.flags; 1892 break; 1893 #undef ND 1894 case SIOCSNDFLUSH_IN6: /* XXX: the ioctl name is confusing... */ 1895 /* sync kernel routing table with the default router list */ 1896 defrouter_reset(); 1897 defrouter_select(); 1898 break; 1899 case SIOCSPFXFLUSH_IN6: 1900 { 1901 /* flush all the prefix advertised by routers */ 1902 struct nd_prefix *pfx, *next; 1903 1904 s = splsoftnet(); 1905 LIST_FOREACH_SAFE(pfx, &nd_prefix, ndpr_entry, next) { 1906 struct in6_ifaddr *ia, *ia_next; 1907 1908 if (IN6_IS_ADDR_LINKLOCAL(&pfx->ndpr_prefix.sin6_addr)) 1909 continue; /* XXX */ 1910 1911 /* do we really have to remove addresses as well? */ 1912 for (ia = in6_ifaddr; ia; ia = ia_next) { 1913 /* ia might be removed. keep the next ptr. */ 1914 ia_next = ia->ia_next; 1915 1916 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0) 1917 continue; 1918 1919 if (ia->ia6_ndpr == pfx) 1920 in6_purgeaddr(&ia->ia_ifa); 1921 } 1922 prelist_remove(pfx); 1923 } 1924 splx(s); 1925 break; 1926 } 1927 case SIOCSRTRFLUSH_IN6: 1928 { 1929 /* flush all the default routers */ 1930 struct nd_defrouter *drtr, *next; 1931 1932 s = splsoftnet(); 1933 defrouter_reset(); 1934 TAILQ_FOREACH_SAFE(drtr, &nd_defrouter, dr_entry, next) { 1935 defrtrlist_del(drtr, NULL); 1936 } 1937 defrouter_select(); 1938 splx(s); 1939 break; 1940 } 1941 case SIOCGNBRINFO_IN6: 1942 { 1943 struct llentry *ln; 1944 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1945 struct rtentry *rt; 1946 1947 if ((error = in6_setscope(&nb_addr, ifp, NULL)) != 0) 1948 return error; 1949 1950 s = splsoftnet(); 1951 rt = nd6_lookup(&nb_addr, 0, ifp); 1952 if (rt == NULL) { 1953 error = EINVAL; 1954 splx(s); 1955 break; 1956 } 1957 1958 ln = rt->rt_llinfo; 1959 rtfree(rt); 1960 if (ln == NULL) { 1961 error = EINVAL; 1962 splx(s); 1963 break; 1964 } 1965 nbi->state = ln->ln_state; 1966 nbi->asked = ln->ln_asked; 1967 nbi->isrouter = ln->ln_router; 1968 nbi->expire = ln->ln_expire ? 1969 time_mono_to_wall(ln->ln_expire) : 0; 1970 splx(s); 1971 1972 break; 1973 } 1974 case SIOCGDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1975 ndif->ifindex = nd6_defifindex; 1976 break; 1977 case SIOCSDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1978 return nd6_setdefaultiface(ndif->ifindex); 1979 } 1980 return error; 1981 } 1982 1983 void 1984 nd6_llinfo_release_pkts(struct llentry *ln, struct ifnet *ifp, 1985 struct rtentry *rt) 1986 { 1987 struct mbuf *m_hold, *m_hold_next; 1988 1989 for (m_hold = ln->la_hold, ln->la_hold = NULL, ln->la_numheld = 0; 1990 m_hold != NULL; 1991 m_hold = m_hold_next) { 1992 m_hold_next = m_hold->m_nextpkt; 1993 m_hold->m_nextpkt = NULL; 1994 1995 /* 1996 * we assume ifp is not a p2p here, so 1997 * just set the 2nd argument as the 1998 * 1st one. 1999 */ 2000 nd6_output(ifp, ifp, m_hold, satocsin6(rt_getkey(rt)), rt); 2001 } 2002 } 2003 2004 /* 2005 * Create neighbor cache entry and cache link-layer address, 2006 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 2007 */ 2008 void 2009 nd6_cache_lladdr( 2010 struct ifnet *ifp, 2011 struct in6_addr *from, 2012 char *lladdr, 2013 int lladdrlen, 2014 int type, /* ICMP6 type */ 2015 int code /* type dependent information */ 2016 ) 2017 { 2018 struct nd_ifinfo *ndi = ND_IFINFO(ifp); 2019 struct rtentry *rt = NULL; 2020 struct llentry *ln = NULL; 2021 int is_newentry; 2022 struct sockaddr_dl *sdl = NULL; 2023 int do_update; 2024 int olladdr; 2025 int llchange; 2026 int newstate = 0; 2027 2028 KASSERT(ifp != NULL); 2029 KASSERT(from != NULL); 2030 2031 /* nothing must be updated for unspecified address */ 2032 if (IN6_IS_ADDR_UNSPECIFIED(from)) 2033 return; 2034 2035 /* 2036 * Validation about ifp->if_addrlen and lladdrlen must be done in 2037 * the caller. 2038 * 2039 * XXX If the link does not have link-layer adderss, what should 2040 * we do? (ifp->if_addrlen == 0) 2041 * Spec says nothing in sections for RA, RS and NA. There's small 2042 * description on it in NS section (RFC 2461 7.2.3). 2043 */ 2044 2045 rt = nd6_lookup(from, 0, ifp); 2046 if (rt == NULL) { 2047 #if 0 2048 /* nothing must be done if there's no lladdr */ 2049 if (!lladdr || !lladdrlen) 2050 return NULL; 2051 #endif 2052 2053 rt = nd6_lookup(from, 1, ifp); 2054 is_newentry = 1; 2055 } else { 2056 /* do nothing if static ndp is set */ 2057 if (rt->rt_flags & RTF_STATIC) { 2058 rtfree(rt); 2059 return; 2060 } 2061 is_newentry = 0; 2062 } 2063 2064 if (rt == NULL) 2065 return; 2066 if ((rt->rt_flags & (RTF_GATEWAY | RTF_LLINFO)) != RTF_LLINFO) { 2067 fail: 2068 if (rt->rt_llinfo != NULL) 2069 LLE_WLOCK((struct llentry *)rt->rt_llinfo); 2070 nd6_free(rt, rt->rt_llinfo, 0); 2071 rtfree(rt); 2072 return; 2073 } 2074 ln = rt->rt_llinfo; 2075 if (ln == NULL) 2076 goto fail; 2077 if (rt->rt_gateway == NULL) 2078 goto fail; 2079 if (rt->rt_gateway->sa_family != AF_LINK) 2080 goto fail; 2081 sdl = satosdl(rt->rt_gateway); 2082 2083 olladdr = (sdl->sdl_alen) ? 1 : 0; 2084 if (olladdr && lladdr) { 2085 if (memcmp(lladdr, CLLADDR(sdl), ifp->if_addrlen)) 2086 llchange = 1; 2087 else 2088 llchange = 0; 2089 } else 2090 llchange = 0; 2091 2092 /* 2093 * newentry olladdr lladdr llchange (*=record) 2094 * 0 n n -- (1) 2095 * 0 y n -- (2) 2096 * 0 n y -- (3) * STALE 2097 * 0 y y n (4) * 2098 * 0 y y y (5) * STALE 2099 * 1 -- n -- (6) NOSTATE(= PASSIVE) 2100 * 1 -- y -- (7) * STALE 2101 */ 2102 2103 if (lladdr) { /* (3-5) and (7) */ 2104 /* 2105 * Record source link-layer address 2106 * XXX is it dependent to ifp->if_type? 2107 */ 2108 /* XXX check for error */ 2109 if (sockaddr_dl_setaddr(sdl, sdl->sdl_len, lladdr, 2110 ifp->if_addrlen) == NULL) { 2111 printf("%s.%d: sockaddr_dl_setaddr(, %d, ) " 2112 "failed on %s\n", __func__, __LINE__, 2113 sdl->sdl_len, if_name(ifp)); 2114 } 2115 } 2116 2117 if (!is_newentry) { 2118 if ((!olladdr && lladdr) || /* (3) */ 2119 (olladdr && lladdr && llchange)) { /* (5) */ 2120 do_update = 1; 2121 newstate = ND6_LLINFO_STALE; 2122 } else /* (1-2,4) */ 2123 do_update = 0; 2124 } else { 2125 do_update = 1; 2126 if (lladdr == NULL) /* (6) */ 2127 newstate = ND6_LLINFO_NOSTATE; 2128 else /* (7) */ 2129 newstate = ND6_LLINFO_STALE; 2130 } 2131 2132 if (do_update) { 2133 /* 2134 * Update the state of the neighbor cache. 2135 */ 2136 ln->ln_state = newstate; 2137 2138 if (ln->ln_state == ND6_LLINFO_STALE) { 2139 /* 2140 * XXX: since nd6_output() below will cause 2141 * state tansition to DELAY and reset the timer, 2142 * we must set the timer now, although it is actually 2143 * meaningless. 2144 */ 2145 nd6_llinfo_settimer(ln, nd6_gctimer * hz); 2146 2147 nd6_llinfo_release_pkts(ln, ifp, rt); 2148 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 2149 /* probe right away */ 2150 nd6_llinfo_settimer((void *)ln, 0); 2151 } 2152 } 2153 2154 /* 2155 * ICMP6 type dependent behavior. 2156 * 2157 * NS: clear IsRouter if new entry 2158 * RS: clear IsRouter 2159 * RA: set IsRouter if there's lladdr 2160 * redir: clear IsRouter if new entry 2161 * 2162 * RA case, (1): 2163 * The spec says that we must set IsRouter in the following cases: 2164 * - If lladdr exist, set IsRouter. This means (1-5). 2165 * - If it is old entry (!newentry), set IsRouter. This means (7). 2166 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 2167 * A quetion arises for (1) case. (1) case has no lladdr in the 2168 * neighbor cache, this is similar to (6). 2169 * This case is rare but we figured that we MUST NOT set IsRouter. 2170 * 2171 * newentry olladdr lladdr llchange NS RS RA redir 2172 * D R 2173 * 0 n n -- (1) c ? s 2174 * 0 y n -- (2) c s s 2175 * 0 n y -- (3) c s s 2176 * 0 y y n (4) c s s 2177 * 0 y y y (5) c s s 2178 * 1 -- n -- (6) c c c s 2179 * 1 -- y -- (7) c c s c s 2180 * 2181 * (c=clear s=set) 2182 */ 2183 switch (type & 0xff) { 2184 case ND_NEIGHBOR_SOLICIT: 2185 /* 2186 * New entry must have is_router flag cleared. 2187 */ 2188 if (is_newentry) /* (6-7) */ 2189 ln->ln_router = 0; 2190 break; 2191 case ND_REDIRECT: 2192 /* 2193 * If the icmp is a redirect to a better router, always set the 2194 * is_router flag. Otherwise, if the entry is newly created, 2195 * clear the flag. [RFC 2461, sec 8.3] 2196 */ 2197 if (code == ND_REDIRECT_ROUTER) 2198 ln->ln_router = 1; 2199 else if (is_newentry) /* (6-7) */ 2200 ln->ln_router = 0; 2201 break; 2202 case ND_ROUTER_SOLICIT: 2203 /* 2204 * is_router flag must always be cleared. 2205 */ 2206 ln->ln_router = 0; 2207 break; 2208 case ND_ROUTER_ADVERT: 2209 /* 2210 * Mark an entry with lladdr as a router. 2211 */ 2212 if ((!is_newentry && (olladdr || lladdr)) || /* (2-5) */ 2213 (is_newentry && lladdr)) { /* (7) */ 2214 ln->ln_router = 1; 2215 } 2216 break; 2217 } 2218 2219 if (do_update) 2220 rt_newmsg(RTM_CHANGE, rt); /* tell user process */ 2221 2222 /* 2223 * When the link-layer address of a router changes, select the 2224 * best router again. In particular, when the neighbor entry is newly 2225 * created, it might affect the selection policy. 2226 * Question: can we restrict the first condition to the "is_newentry" 2227 * case? 2228 * XXX: when we hear an RA from a new router with the link-layer 2229 * address option, defrouter_select() is called twice, since 2230 * defrtrlist_update called the function as well. However, I believe 2231 * we can compromise the overhead, since it only happens the first 2232 * time. 2233 * XXX: although defrouter_select() should not have a bad effect 2234 * for those are not autoconfigured hosts, we explicitly avoid such 2235 * cases for safety. 2236 */ 2237 if (do_update && ln->ln_router && !ip6_forwarding && 2238 nd6_accepts_rtadv(ndi)) 2239 defrouter_select(); 2240 2241 rtfree(rt); 2242 } 2243 2244 static void 2245 nd6_slowtimo(void *ignored_arg) 2246 { 2247 struct nd_ifinfo *nd6if; 2248 struct ifnet *ifp; 2249 2250 mutex_enter(softnet_lock); 2251 KERNEL_LOCK(1, NULL); 2252 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 2253 nd6_slowtimo, NULL); 2254 IFNET_FOREACH(ifp) { 2255 nd6if = ND_IFINFO(ifp); 2256 if (nd6if->basereachable && /* already initialized */ 2257 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 2258 /* 2259 * Since reachable time rarely changes by router 2260 * advertisements, we SHOULD insure that a new random 2261 * value gets recomputed at least once every few hours. 2262 * (RFC 2461, 6.3.4) 2263 */ 2264 nd6if->recalctm = nd6_recalc_reachtm_interval; 2265 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable); 2266 } 2267 } 2268 KERNEL_UNLOCK_ONE(NULL); 2269 mutex_exit(softnet_lock); 2270 } 2271 2272 /* 2273 * Next hop determination. This routine was derived from ether_output. 2274 */ 2275 static int 2276 nd6_determine_nexthop(struct ifnet *ifp, const struct sockaddr_in6 *dst, 2277 struct rtentry *rt00, struct rtentry **ret_rt, bool *sendpkt) 2278 { 2279 struct rtentry *rt, *rt0; 2280 struct rtentry *gwrt; 2281 struct sockaddr_in6 *gw6; 2282 2283 #define RTFREE_IF_NEEDED(_rt) \ 2284 if ((_rt) != NULL && (_rt) != rt00) \ 2285 rtfree((_rt)); 2286 2287 KASSERT(rt00 != NULL); 2288 2289 rt = rt0 = rt00; 2290 2291 if ((rt->rt_flags & RTF_UP) == 0) { 2292 rt0 = rt = rtalloc1(sin6tocsa(dst), 1); 2293 if (rt == NULL) 2294 goto hostunreach; 2295 if (rt->rt_ifp != ifp) 2296 goto hostunreach; 2297 } 2298 2299 if ((rt->rt_flags & RTF_GATEWAY) == 0) 2300 goto out; 2301 2302 gw6 = (struct sockaddr_in6 *)rt->rt_gateway; 2303 2304 /* 2305 * We skip link-layer address resolution and NUD 2306 * if the gateway is not a neighbor from ND point 2307 * of view, regardless of the value of nd_ifinfo.flags. 2308 * The second condition is a bit tricky; we skip 2309 * if the gateway is our own address, which is 2310 * sometimes used to install a route to a p2p link. 2311 */ 2312 if (!nd6_is_addr_neighbor(gw6, ifp) || 2313 in6ifa_ifpwithaddr(ifp, &gw6->sin6_addr)) { 2314 /* 2315 * We allow this kind of tricky route only 2316 * when the outgoing interface is p2p. 2317 * XXX: we may need a more generic rule here. 2318 */ 2319 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 2320 goto hostunreach; 2321 2322 *sendpkt = true; 2323 goto out; 2324 } 2325 2326 /* Try to use a cached nexthop route (gwroute) if exists */ 2327 gwrt = rt_get_gwroute(rt); 2328 if (gwrt == NULL) 2329 goto lookup; 2330 2331 RTFREE_IF_NEEDED(rt); 2332 rt = gwrt; 2333 if ((rt->rt_flags & RTF_UP) == 0) { 2334 RTFREE_IF_NEEDED(rt); 2335 rt = rt0; 2336 lookup: 2337 /* Look up a nexthop route */ 2338 gwrt = rtalloc1(rt->rt_gateway, 1); 2339 rt_set_gwroute(rt, gwrt); 2340 RTFREE_IF_NEEDED(rt); 2341 rt = gwrt; 2342 if (rt == NULL) 2343 goto hostunreach; 2344 /* the "G" test below also prevents rt == rt0 */ 2345 if ((rt->rt_flags & RTF_GATEWAY) || 2346 (rt->rt_ifp != ifp)) { 2347 if (rt0->rt_gwroute != NULL) 2348 rtfree(rt0->rt_gwroute); 2349 rt0->rt_gwroute = NULL; 2350 goto hostunreach; 2351 } 2352 } 2353 2354 out: 2355 *ret_rt = rt; 2356 return 0; 2357 2358 hostunreach: 2359 RTFREE_IF_NEEDED(rt); 2360 2361 return EHOSTUNREACH; 2362 #undef RTFREE_IF_NEEDED 2363 } 2364 2365 #define senderr(e) { error = (e); goto bad;} 2366 int 2367 nd6_output(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m0, 2368 const struct sockaddr_in6 *dst, struct rtentry *rt0) 2369 { 2370 struct mbuf *m = m0; 2371 struct rtentry *rt = rt0; 2372 struct llentry *ln = NULL; 2373 int error = 0; 2374 2375 #define RTFREE_IF_NEEDED(_rt) \ 2376 if ((_rt) != NULL && (_rt) != rt0) \ 2377 rtfree((_rt)); 2378 2379 if (IN6_IS_ADDR_MULTICAST(&dst->sin6_addr)) 2380 goto sendpkt; 2381 2382 if (nd6_need_cache(ifp) == 0) 2383 goto sendpkt; 2384 2385 if (rt) { 2386 struct rtentry *nexthop = NULL; 2387 bool sendpkt = false; 2388 2389 error = nd6_determine_nexthop(ifp, dst, rt, &nexthop, &sendpkt); 2390 if (error != 0) 2391 senderr(error); 2392 rt = nexthop; 2393 if (sendpkt) 2394 goto sendpkt; 2395 } 2396 2397 /* 2398 * Address resolution or Neighbor Unreachability Detection 2399 * for the next hop. 2400 * At this point, the destination of the packet must be a unicast 2401 * or an anycast address(i.e. not a multicast). 2402 */ 2403 2404 /* Look up the neighbor cache for the nexthop */ 2405 if (rt != NULL && (rt->rt_flags & RTF_LLINFO) != 0) 2406 ln = rt->rt_llinfo; 2407 else { 2408 /* 2409 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(), 2410 * the condition below is not very efficient. But we believe 2411 * it is tolerable, because this should be a rare case. 2412 */ 2413 if (nd6_is_addr_neighbor(dst, ifp)) { 2414 RTFREE_IF_NEEDED(rt); 2415 rt = nd6_lookup(&dst->sin6_addr, 1, ifp); 2416 if (rt != NULL) 2417 ln = rt->rt_llinfo; 2418 } 2419 } 2420 if (ln == NULL || rt == NULL) { 2421 if ((ifp->if_flags & IFF_POINTOPOINT) == 0 && 2422 !(ND_IFINFO(ifp)->flags & ND6_IFF_PERFORMNUD)) { 2423 log(LOG_DEBUG, 2424 "nd6_output: can't allocate llinfo for %s " 2425 "(ln=%p, rt=%p)\n", 2426 ip6_sprintf(&dst->sin6_addr), ln, rt); 2427 senderr(EIO); /* XXX: good error? */ 2428 } 2429 2430 goto sendpkt; /* send anyway */ 2431 } 2432 2433 /* We don't have to do link-layer address resolution on a p2p link. */ 2434 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 2435 ln->ln_state < ND6_LLINFO_REACHABLE) { 2436 ln->ln_state = ND6_LLINFO_STALE; 2437 nd6_llinfo_settimer(ln, nd6_gctimer * hz); 2438 } 2439 2440 /* 2441 * The first time we send a packet to a neighbor whose entry is 2442 * STALE, we have to change the state to DELAY and a sets a timer to 2443 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do 2444 * neighbor unreachability detection on expiration. 2445 * (RFC 2461 7.3.3) 2446 */ 2447 if (ln->ln_state == ND6_LLINFO_STALE) { 2448 ln->ln_asked = 0; 2449 ln->ln_state = ND6_LLINFO_DELAY; 2450 nd6_llinfo_settimer(ln, nd6_delay * hz); 2451 } 2452 2453 /* 2454 * If the neighbor cache entry has a state other than INCOMPLETE 2455 * (i.e. its link-layer address is already resolved), just 2456 * send the packet. 2457 */ 2458 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) 2459 goto sendpkt; 2460 2461 /* 2462 * There is a neighbor cache entry, but no ethernet address 2463 * response yet. Append this latest packet to the end of the 2464 * packet queue in the mbuf, unless the number of the packet 2465 * does not exceed nd6_maxqueuelen. When it exceeds nd6_maxqueuelen, 2466 * the oldest packet in the queue will be removed. 2467 */ 2468 if (ln->ln_state == ND6_LLINFO_NOSTATE) 2469 ln->ln_state = ND6_LLINFO_INCOMPLETE; 2470 if (ln->ln_hold) { 2471 struct mbuf *m_hold; 2472 int i; 2473 2474 i = 0; 2475 for (m_hold = ln->ln_hold; m_hold; m_hold = m_hold->m_nextpkt) { 2476 i++; 2477 if (m_hold->m_nextpkt == NULL) { 2478 m_hold->m_nextpkt = m; 2479 break; 2480 } 2481 } 2482 while (i >= nd6_maxqueuelen) { 2483 m_hold = ln->ln_hold; 2484 ln->ln_hold = ln->ln_hold->m_nextpkt; 2485 m_freem(m_hold); 2486 i--; 2487 } 2488 } else { 2489 ln->ln_hold = m; 2490 } 2491 2492 /* 2493 * If there has been no NS for the neighbor after entering the 2494 * INCOMPLETE state, send the first solicitation. 2495 */ 2496 if (!ND6_LLINFO_PERMANENT(ln) && ln->ln_asked == 0) { 2497 struct in6_addr src, *psrc; 2498 2499 ln->ln_asked++; 2500 nd6_llinfo_settimer(ln, 2501 ND_IFINFO(ifp)->retrans * hz / 1000); 2502 psrc = nd6_llinfo_get_holdsrc(ln, &src); 2503 nd6_ns_output(ifp, NULL, &dst->sin6_addr, psrc, 0); 2504 } 2505 error = 0; 2506 goto exit; 2507 2508 sendpkt: 2509 /* discard the packet if IPv6 operation is disabled on the interface */ 2510 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)) { 2511 error = ENETDOWN; /* better error? */ 2512 goto bad; 2513 } 2514 2515 #ifndef NET_MPSAFE 2516 KERNEL_LOCK(1, NULL); 2517 #endif 2518 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2519 error = (*ifp->if_output)(origifp, m, sin6tocsa(dst), rt); 2520 else 2521 error = (*ifp->if_output)(ifp, m, sin6tocsa(dst), rt); 2522 #ifndef NET_MPSAFE 2523 KERNEL_UNLOCK_ONE(NULL); 2524 #endif 2525 goto exit; 2526 2527 bad: 2528 if (m != NULL) 2529 m_freem(m); 2530 exit: 2531 RTFREE_IF_NEEDED(rt); 2532 2533 return error; 2534 #undef RTFREE_IF_NEEDED 2535 } 2536 #undef senderr 2537 2538 int 2539 nd6_need_cache(struct ifnet *ifp) 2540 { 2541 /* 2542 * XXX: we currently do not make neighbor cache on any interface 2543 * other than ARCnet, Ethernet, FDDI and GIF. 2544 * 2545 * RFC2893 says: 2546 * - unidirectional tunnels needs no ND 2547 */ 2548 switch (ifp->if_type) { 2549 case IFT_ARCNET: 2550 case IFT_ETHER: 2551 case IFT_FDDI: 2552 case IFT_IEEE1394: 2553 case IFT_CARP: 2554 case IFT_GIF: /* XXX need more cases? */ 2555 case IFT_PPP: 2556 case IFT_TUNNEL: 2557 return 1; 2558 default: 2559 return 0; 2560 } 2561 } 2562 2563 int 2564 nd6_storelladdr(const struct ifnet *ifp, const struct rtentry *rt, 2565 struct mbuf *m, const struct sockaddr *dst, uint8_t *lldst, 2566 size_t dstsize) 2567 { 2568 const struct sockaddr_dl *sdl; 2569 2570 if (m->m_flags & M_MCAST) { 2571 switch (ifp->if_type) { 2572 case IFT_ETHER: 2573 case IFT_FDDI: 2574 ETHER_MAP_IPV6_MULTICAST(&satocsin6(dst)->sin6_addr, 2575 lldst); 2576 return 1; 2577 case IFT_IEEE1394: 2578 memcpy(lldst, ifp->if_broadcastaddr, 2579 MIN(dstsize, ifp->if_addrlen)); 2580 return 1; 2581 case IFT_ARCNET: 2582 *lldst = 0; 2583 return 1; 2584 default: 2585 m_freem(m); 2586 return 0; 2587 } 2588 } 2589 2590 if (rt == NULL) { 2591 /* this could happen, if we could not allocate memory */ 2592 m_freem(m); 2593 return 0; 2594 } 2595 if (rt->rt_gateway->sa_family != AF_LINK) { 2596 char gbuf[256]; 2597 char dbuf[LINK_ADDRSTRLEN]; 2598 sockaddr_format(rt->rt_gateway, gbuf, sizeof(gbuf)); 2599 printf("%s: bad gateway address type %s for dst %s" 2600 " through interface %s\n", __func__, gbuf, 2601 IN6_PRINT(dbuf, &satocsin6(dst)->sin6_addr), 2602 if_name(ifp)); 2603 m_freem(m); 2604 return 0; 2605 } 2606 sdl = satocsdl(rt->rt_gateway); 2607 if (sdl->sdl_alen == 0 || sdl->sdl_alen > dstsize) { 2608 char sbuf[INET6_ADDRSTRLEN]; 2609 char dbuf[LINK_ADDRSTRLEN]; 2610 /* this should be impossible, but we bark here for debugging */ 2611 printf("%s: sdl_alen == %" PRIu8 ", if=%s, dst=%s, sdl=%s\n", 2612 __func__, sdl->sdl_alen, if_name(ifp), 2613 IN6_PRINT(sbuf, &satocsin6(dst)->sin6_addr), 2614 DL_PRINT(dbuf, &sdl->sdl_addr)); 2615 m_freem(m); 2616 return 0; 2617 } 2618 2619 memcpy(lldst, CLLADDR(sdl), MIN(dstsize, sdl->sdl_alen)); 2620 return 1; 2621 } 2622 2623 static void 2624 clear_llinfo_pqueue(struct llentry *ln) 2625 { 2626 struct mbuf *m_hold, *m_hold_next; 2627 2628 for (m_hold = ln->ln_hold; m_hold; m_hold = m_hold_next) { 2629 m_hold_next = m_hold->m_nextpkt; 2630 m_hold->m_nextpkt = NULL; 2631 m_freem(m_hold); 2632 } 2633 2634 ln->ln_hold = NULL; 2635 return; 2636 } 2637 2638 int 2639 nd6_sysctl( 2640 int name, 2641 void *oldp, /* syscall arg, need copyout */ 2642 size_t *oldlenp, 2643 void *newp, /* syscall arg, need copyin */ 2644 size_t newlen 2645 ) 2646 { 2647 void *p; 2648 size_t ol; 2649 int error; 2650 2651 error = 0; 2652 2653 if (newp) 2654 return EPERM; 2655 if (oldp && !oldlenp) 2656 return EINVAL; 2657 ol = oldlenp ? *oldlenp : 0; 2658 2659 if (oldp) { 2660 p = malloc(*oldlenp, M_TEMP, M_WAITOK); 2661 if (p == NULL) 2662 return ENOMEM; 2663 } else 2664 p = NULL; 2665 switch (name) { 2666 case ICMPV6CTL_ND6_DRLIST: 2667 error = fill_drlist(p, oldlenp, ol); 2668 if (!error && p != NULL && oldp != NULL) 2669 error = copyout(p, oldp, *oldlenp); 2670 break; 2671 2672 case ICMPV6CTL_ND6_PRLIST: 2673 error = fill_prlist(p, oldlenp, ol); 2674 if (!error && p != NULL && oldp != NULL) 2675 error = copyout(p, oldp, *oldlenp); 2676 break; 2677 2678 case ICMPV6CTL_ND6_MAXQLEN: 2679 break; 2680 2681 default: 2682 error = ENOPROTOOPT; 2683 break; 2684 } 2685 if (p) 2686 free(p, M_TEMP); 2687 2688 return error; 2689 } 2690 2691 static int 2692 fill_drlist(void *oldp, size_t *oldlenp, size_t ol) 2693 { 2694 int error = 0, s; 2695 struct in6_defrouter *d = NULL, *de = NULL; 2696 struct nd_defrouter *dr; 2697 size_t l; 2698 2699 s = splsoftnet(); 2700 2701 if (oldp) { 2702 d = (struct in6_defrouter *)oldp; 2703 de = (struct in6_defrouter *)((char *)oldp + *oldlenp); 2704 } 2705 l = 0; 2706 2707 TAILQ_FOREACH(dr, &nd_defrouter, dr_entry) { 2708 2709 if (oldp && d + 1 <= de) { 2710 memset(d, 0, sizeof(*d)); 2711 sockaddr_in6_init(&d->rtaddr, &dr->rtaddr, 0, 0, 0); 2712 if (sa6_recoverscope(&d->rtaddr)) { 2713 log(LOG_ERR, 2714 "scope error in router list (%s)\n", 2715 ip6_sprintf(&d->rtaddr.sin6_addr)); 2716 /* XXX: press on... */ 2717 } 2718 d->flags = dr->flags; 2719 d->rtlifetime = dr->rtlifetime; 2720 d->expire = dr->expire ? 2721 time_mono_to_wall(dr->expire) : 0; 2722 d->if_index = dr->ifp->if_index; 2723 } 2724 2725 l += sizeof(*d); 2726 if (d) 2727 d++; 2728 } 2729 2730 if (oldp) { 2731 if (l > ol) 2732 error = ENOMEM; 2733 } 2734 if (oldlenp) 2735 *oldlenp = l; /* (void *)d - (void *)oldp */ 2736 2737 splx(s); 2738 2739 return error; 2740 } 2741 2742 static int 2743 fill_prlist(void *oldp, size_t *oldlenp, size_t ol) 2744 { 2745 int error = 0, s; 2746 struct nd_prefix *pr; 2747 uint8_t *p = NULL, *ps = NULL; 2748 uint8_t *pe = NULL; 2749 size_t l; 2750 2751 s = splsoftnet(); 2752 2753 if (oldp) { 2754 ps = p = (uint8_t*)oldp; 2755 pe = (uint8_t*)oldp + *oldlenp; 2756 } 2757 l = 0; 2758 2759 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) { 2760 u_short advrtrs; 2761 struct sockaddr_in6 sin6; 2762 struct nd_pfxrouter *pfr; 2763 struct in6_prefix pfx; 2764 2765 if (oldp && p + sizeof(struct in6_prefix) <= pe) 2766 { 2767 memset(&pfx, 0, sizeof(pfx)); 2768 ps = p; 2769 pfx.prefix = pr->ndpr_prefix; 2770 2771 if (sa6_recoverscope(&pfx.prefix)) { 2772 log(LOG_ERR, 2773 "scope error in prefix list (%s)\n", 2774 ip6_sprintf(&pfx.prefix.sin6_addr)); 2775 /* XXX: press on... */ 2776 } 2777 pfx.raflags = pr->ndpr_raf; 2778 pfx.prefixlen = pr->ndpr_plen; 2779 pfx.vltime = pr->ndpr_vltime; 2780 pfx.pltime = pr->ndpr_pltime; 2781 pfx.if_index = pr->ndpr_ifp->if_index; 2782 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME) 2783 pfx.expire = 0; 2784 else { 2785 time_t maxexpire; 2786 2787 /* XXX: we assume time_t is signed. */ 2788 maxexpire = (-1) & 2789 ~((time_t)1 << 2790 ((sizeof(maxexpire) * 8) - 1)); 2791 if (pr->ndpr_vltime < 2792 maxexpire - pr->ndpr_lastupdate) { 2793 pfx.expire = pr->ndpr_lastupdate + 2794 pr->ndpr_vltime; 2795 } else 2796 pfx.expire = maxexpire; 2797 } 2798 pfx.refcnt = pr->ndpr_refcnt; 2799 pfx.flags = pr->ndpr_stateflags; 2800 pfx.origin = PR_ORIG_RA; 2801 2802 p += sizeof(pfx); l += sizeof(pfx); 2803 2804 advrtrs = 0; 2805 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) { 2806 if (p + sizeof(sin6) > pe) { 2807 advrtrs++; 2808 continue; 2809 } 2810 2811 sockaddr_in6_init(&sin6, &pfr->router->rtaddr, 2812 0, 0, 0); 2813 if (sa6_recoverscope(&sin6)) { 2814 log(LOG_ERR, 2815 "scope error in " 2816 "prefix list (%s)\n", 2817 ip6_sprintf(&pfr->router->rtaddr)); 2818 } 2819 advrtrs++; 2820 memcpy(p, &sin6, sizeof(sin6)); 2821 p += sizeof(sin6); 2822 l += sizeof(sin6); 2823 } 2824 pfx.advrtrs = advrtrs; 2825 memcpy(ps, &pfx, sizeof(pfx)); 2826 } 2827 else { 2828 l += sizeof(pfx); 2829 advrtrs = 0; 2830 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) { 2831 advrtrs++; 2832 l += sizeof(sin6); 2833 } 2834 } 2835 } 2836 2837 if (oldp) { 2838 *oldlenp = l; /* (void *)d - (void *)oldp */ 2839 if (l > ol) 2840 error = ENOMEM; 2841 } else 2842 *oldlenp = l; 2843 2844 splx(s); 2845 2846 return error; 2847 } 2848