1 /* $NetBSD: nd6.c,v 1.195 2016/05/18 11:28:44 ozaki-r Exp $ */ 2 /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.195 2016/05/18 11:28:44 ozaki-r Exp $"); 35 36 #ifdef _KERNEL_OPT 37 #include "opt_net_mpsafe.h" 38 #endif 39 40 #include "bridge.h" 41 #include "carp.h" 42 43 #include <sys/param.h> 44 #include <sys/systm.h> 45 #include <sys/callout.h> 46 #include <sys/malloc.h> 47 #include <sys/mbuf.h> 48 #include <sys/socket.h> 49 #include <sys/socketvar.h> 50 #include <sys/sockio.h> 51 #include <sys/time.h> 52 #include <sys/kernel.h> 53 #include <sys/protosw.h> 54 #include <sys/errno.h> 55 #include <sys/ioctl.h> 56 #include <sys/syslog.h> 57 #include <sys/queue.h> 58 #include <sys/cprng.h> 59 60 #include <net/if.h> 61 #include <net/if_dl.h> 62 #include <net/if_llatbl.h> 63 #include <net/if_types.h> 64 #include <net/route.h> 65 #include <net/if_ether.h> 66 #include <net/if_fddi.h> 67 #include <net/if_arc.h> 68 69 #include <netinet/in.h> 70 #include <netinet6/in6_var.h> 71 #include <netinet/ip6.h> 72 #include <netinet6/ip6_var.h> 73 #include <netinet6/scope6_var.h> 74 #include <netinet6/nd6.h> 75 #include <netinet6/in6_ifattach.h> 76 #include <netinet/icmp6.h> 77 #include <netinet6/icmp6_private.h> 78 79 #include <net/net_osdep.h> 80 81 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 82 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 83 84 /* timer values */ 85 int nd6_prune = 1; /* walk list every 1 seconds */ 86 int nd6_delay = 5; /* delay first probe time 5 second */ 87 int nd6_umaxtries = 3; /* maximum unicast query */ 88 int nd6_mmaxtries = 3; /* maximum multicast query */ 89 int nd6_useloopback = 1; /* use loopback interface for local traffic */ 90 int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */ 91 92 /* preventing too many loops in ND option parsing */ 93 int nd6_maxndopt = 10; /* max # of ND options allowed */ 94 95 int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */ 96 97 int nd6_maxqueuelen = 1; /* max # of packets cached in unresolved ND entries */ 98 99 #ifdef ND6_DEBUG 100 int nd6_debug = 1; 101 #else 102 int nd6_debug = 0; 103 #endif 104 105 struct nd_drhead nd_defrouter; 106 struct nd_prhead nd_prefix = { 0 }; 107 108 int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL; 109 110 static void nd6_setmtu0(struct ifnet *, struct nd_ifinfo *); 111 static void nd6_slowtimo(void *); 112 static int regen_tmpaddr(struct in6_ifaddr *); 113 static void nd6_free(struct llentry *, int); 114 static void nd6_llinfo_timer(void *); 115 static void nd6_timer(void *); 116 static void clear_llinfo_pqueue(struct llentry *); 117 118 static callout_t nd6_slowtimo_ch; 119 static callout_t nd6_timer_ch; 120 121 static int fill_drlist(void *, size_t *, size_t); 122 static int fill_prlist(void *, size_t *, size_t); 123 124 MALLOC_DEFINE(M_IP6NDP, "NDP", "IPv6 Neighbour Discovery"); 125 126 void 127 nd6_init(void) 128 { 129 130 /* initialization of the default router list */ 131 TAILQ_INIT(&nd_defrouter); 132 133 callout_init(&nd6_slowtimo_ch, CALLOUT_MPSAFE); 134 callout_init(&nd6_timer_ch, CALLOUT_MPSAFE); 135 136 /* start timer */ 137 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 138 nd6_slowtimo, NULL); 139 callout_reset(&nd6_timer_ch, hz, nd6_timer, NULL); 140 } 141 142 struct nd_ifinfo * 143 nd6_ifattach(struct ifnet *ifp) 144 { 145 struct nd_ifinfo *nd; 146 147 nd = (struct nd_ifinfo *)malloc(sizeof(*nd), M_IP6NDP, M_WAITOK|M_ZERO); 148 149 nd->initialized = 1; 150 151 nd->chlim = IPV6_DEFHLIM; 152 nd->basereachable = REACHABLE_TIME; 153 nd->reachable = ND_COMPUTE_RTIME(nd->basereachable); 154 nd->retrans = RETRANS_TIMER; 155 156 nd->flags = ND6_IFF_PERFORMNUD | ND6_IFF_ACCEPT_RTADV; 157 158 /* A loopback interface always has ND6_IFF_AUTO_LINKLOCAL. 159 * A bridge interface should not have ND6_IFF_AUTO_LINKLOCAL 160 * because one of its members should. */ 161 if ((ip6_auto_linklocal && ifp->if_type != IFT_BRIDGE) || 162 (ifp->if_flags & IFF_LOOPBACK)) 163 nd->flags |= ND6_IFF_AUTO_LINKLOCAL; 164 165 /* A loopback interface does not need to accept RTADV. 166 * A bridge interface should not accept RTADV 167 * because one of its members should. */ 168 if (ip6_accept_rtadv && 169 !(ifp->if_flags & IFF_LOOPBACK) && 170 !(ifp->if_type != IFT_BRIDGE)) 171 nd->flags |= ND6_IFF_ACCEPT_RTADV; 172 173 /* XXX: we cannot call nd6_setmtu since ifp is not fully initialized */ 174 nd6_setmtu0(ifp, nd); 175 176 return nd; 177 } 178 179 void 180 nd6_ifdetach(struct ifnet *ifp, struct in6_ifextra *ext) 181 { 182 183 nd6_purge(ifp, ext); 184 free(ext->nd_ifinfo, M_IP6NDP); 185 } 186 187 void 188 nd6_setmtu(struct ifnet *ifp) 189 { 190 nd6_setmtu0(ifp, ND_IFINFO(ifp)); 191 } 192 193 void 194 nd6_setmtu0(struct ifnet *ifp, struct nd_ifinfo *ndi) 195 { 196 u_int32_t omaxmtu; 197 198 omaxmtu = ndi->maxmtu; 199 200 switch (ifp->if_type) { 201 case IFT_ARCNET: 202 ndi->maxmtu = MIN(ARC_PHDS_MAXMTU, ifp->if_mtu); /* RFC2497 */ 203 break; 204 case IFT_FDDI: 205 ndi->maxmtu = MIN(FDDIIPMTU, ifp->if_mtu); 206 break; 207 default: 208 ndi->maxmtu = ifp->if_mtu; 209 break; 210 } 211 212 /* 213 * Decreasing the interface MTU under IPV6 minimum MTU may cause 214 * undesirable situation. We thus notify the operator of the change 215 * explicitly. The check for omaxmtu is necessary to restrict the 216 * log to the case of changing the MTU, not initializing it. 217 */ 218 if (omaxmtu >= IPV6_MMTU && ndi->maxmtu < IPV6_MMTU) { 219 log(LOG_NOTICE, "nd6_setmtu0: new link MTU on %s (%lu) is too" 220 " small for IPv6 which needs %lu\n", 221 if_name(ifp), (unsigned long)ndi->maxmtu, (unsigned long) 222 IPV6_MMTU); 223 } 224 225 if (ndi->maxmtu > in6_maxmtu) 226 in6_setmaxmtu(); /* check all interfaces just in case */ 227 } 228 229 void 230 nd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts) 231 { 232 233 memset(ndopts, 0, sizeof(*ndopts)); 234 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 235 ndopts->nd_opts_last 236 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 237 238 if (icmp6len == 0) { 239 ndopts->nd_opts_done = 1; 240 ndopts->nd_opts_search = NULL; 241 } 242 } 243 244 /* 245 * Take one ND option. 246 */ 247 struct nd_opt_hdr * 248 nd6_option(union nd_opts *ndopts) 249 { 250 struct nd_opt_hdr *nd_opt; 251 int olen; 252 253 KASSERT(ndopts != NULL); 254 KASSERT(ndopts->nd_opts_last != NULL); 255 256 if (ndopts->nd_opts_search == NULL) 257 return NULL; 258 if (ndopts->nd_opts_done) 259 return NULL; 260 261 nd_opt = ndopts->nd_opts_search; 262 263 /* make sure nd_opt_len is inside the buffer */ 264 if ((void *)&nd_opt->nd_opt_len >= (void *)ndopts->nd_opts_last) { 265 memset(ndopts, 0, sizeof(*ndopts)); 266 return NULL; 267 } 268 269 olen = nd_opt->nd_opt_len << 3; 270 if (olen == 0) { 271 /* 272 * Message validation requires that all included 273 * options have a length that is greater than zero. 274 */ 275 memset(ndopts, 0, sizeof(*ndopts)); 276 return NULL; 277 } 278 279 ndopts->nd_opts_search = (struct nd_opt_hdr *)((char *)nd_opt + olen); 280 if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 281 /* option overruns the end of buffer, invalid */ 282 memset(ndopts, 0, sizeof(*ndopts)); 283 return NULL; 284 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 285 /* reached the end of options chain */ 286 ndopts->nd_opts_done = 1; 287 ndopts->nd_opts_search = NULL; 288 } 289 return nd_opt; 290 } 291 292 /* 293 * Parse multiple ND options. 294 * This function is much easier to use, for ND routines that do not need 295 * multiple options of the same type. 296 */ 297 int 298 nd6_options(union nd_opts *ndopts) 299 { 300 struct nd_opt_hdr *nd_opt; 301 int i = 0; 302 303 KASSERT(ndopts != NULL); 304 KASSERT(ndopts->nd_opts_last != NULL); 305 306 if (ndopts->nd_opts_search == NULL) 307 return 0; 308 309 while (1) { 310 nd_opt = nd6_option(ndopts); 311 if (nd_opt == NULL && ndopts->nd_opts_last == NULL) { 312 /* 313 * Message validation requires that all included 314 * options have a length that is greater than zero. 315 */ 316 ICMP6_STATINC(ICMP6_STAT_ND_BADOPT); 317 memset(ndopts, 0, sizeof(*ndopts)); 318 return -1; 319 } 320 321 if (nd_opt == NULL) 322 goto skip1; 323 324 switch (nd_opt->nd_opt_type) { 325 case ND_OPT_SOURCE_LINKADDR: 326 case ND_OPT_TARGET_LINKADDR: 327 case ND_OPT_MTU: 328 case ND_OPT_REDIRECTED_HEADER: 329 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 330 nd6log(LOG_INFO, 331 "duplicated ND6 option found (type=%d)\n", 332 nd_opt->nd_opt_type); 333 /* XXX bark? */ 334 } else { 335 ndopts->nd_opt_array[nd_opt->nd_opt_type] 336 = nd_opt; 337 } 338 break; 339 case ND_OPT_PREFIX_INFORMATION: 340 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 341 ndopts->nd_opt_array[nd_opt->nd_opt_type] 342 = nd_opt; 343 } 344 ndopts->nd_opts_pi_end = 345 (struct nd_opt_prefix_info *)nd_opt; 346 break; 347 default: 348 /* 349 * Unknown options must be silently ignored, 350 * to accommodate future extension to the protocol. 351 */ 352 nd6log(LOG_DEBUG, 353 "nd6_options: unsupported option %d - " 354 "option ignored\n", nd_opt->nd_opt_type); 355 } 356 357 skip1: 358 i++; 359 if (i > nd6_maxndopt) { 360 ICMP6_STATINC(ICMP6_STAT_ND_TOOMANYOPT); 361 nd6log(LOG_INFO, "too many loop in nd opt\n"); 362 break; 363 } 364 365 if (ndopts->nd_opts_done) 366 break; 367 } 368 369 return 0; 370 } 371 372 /* 373 * ND6 timer routine to handle ND6 entries 374 */ 375 void 376 nd6_llinfo_settimer(struct llentry *ln, time_t xtick) 377 { 378 379 CTASSERT(sizeof(time_t) > sizeof(int)); 380 LLE_WLOCK_ASSERT(ln); 381 382 if (xtick < 0) { 383 ln->ln_expire = 0; 384 ln->ln_ntick = 0; 385 callout_halt(&ln->ln_timer_ch, &ln->lle_lock); 386 } else { 387 ln->ln_expire = time_uptime + xtick / hz; 388 LLE_ADDREF(ln); 389 if (xtick > INT_MAX) { 390 ln->ln_ntick = xtick - INT_MAX; 391 callout_reset(&ln->ln_timer_ch, INT_MAX, 392 nd6_llinfo_timer, ln); 393 } else { 394 ln->ln_ntick = 0; 395 callout_reset(&ln->ln_timer_ch, xtick, 396 nd6_llinfo_timer, ln); 397 } 398 } 399 } 400 401 /* 402 * Gets source address of the first packet in hold queue 403 * and stores it in @src. 404 * Returns pointer to @src (if hold queue is not empty) or NULL. 405 */ 406 static struct in6_addr * 407 nd6_llinfo_get_holdsrc(struct llentry *ln, struct in6_addr *src) 408 { 409 struct ip6_hdr *hip6; 410 411 if (ln == NULL || ln->ln_hold == NULL) 412 return NULL; 413 414 /* 415 * assuming every packet in ln_hold has the same IP header 416 */ 417 hip6 = mtod(ln->ln_hold, struct ip6_hdr *); 418 /* XXX pullup? */ 419 if (sizeof(*hip6) < ln->ln_hold->m_len) 420 *src = hip6->ip6_src; 421 else 422 src = NULL; 423 424 return src; 425 } 426 427 static void 428 nd6_llinfo_timer(void *arg) 429 { 430 struct llentry *ln = arg; 431 struct ifnet *ifp; 432 struct nd_ifinfo *ndi = NULL; 433 bool send_ns = false; 434 const struct in6_addr *daddr6 = NULL; 435 436 mutex_enter(softnet_lock); 437 KERNEL_LOCK(1, NULL); 438 439 LLE_WLOCK(ln); 440 if (ln->ln_ntick > 0) { 441 nd6_llinfo_settimer(ln, ln->ln_ntick); 442 goto out; 443 } 444 445 if (callout_pending(&ln->la_timer)) { 446 /* 447 * Here we are a bit odd here in the treatment of 448 * active/pending. If the pending bit is set, it got 449 * rescheduled before I ran. The active 450 * bit we ignore, since if it was stopped 451 * in ll_tablefree() and was currently running 452 * it would have return 0 so the code would 453 * not have deleted it since the callout could 454 * not be stopped so we want to go through 455 * with the delete here now. If the callout 456 * was restarted, the pending bit will be back on and 457 * we just want to bail since the callout_reset would 458 * return 1 and our reference would have been removed 459 * by nd6_llinfo_settimer above since canceled 460 * would have been 1. 461 */ 462 goto out; 463 } 464 465 ifp = ln->lle_tbl->llt_ifp; 466 467 KASSERT(ifp != NULL); 468 469 ndi = ND_IFINFO(ifp); 470 471 switch (ln->ln_state) { 472 case ND6_LLINFO_INCOMPLETE: 473 if (ln->ln_asked < nd6_mmaxtries) { 474 ln->ln_asked++; 475 send_ns = true; 476 } else { 477 struct mbuf *m = ln->ln_hold; 478 if (m) { 479 struct mbuf *m0; 480 481 /* 482 * assuming every packet in ln_hold has 483 * the same IP header 484 */ 485 m0 = m->m_nextpkt; 486 m->m_nextpkt = NULL; 487 ln->ln_hold = m0; 488 clear_llinfo_pqueue(ln); 489 } 490 nd6_free(ln, 0); 491 ln = NULL; 492 if (m != NULL) 493 icmp6_error2(m, ICMP6_DST_UNREACH, 494 ICMP6_DST_UNREACH_ADDR, 0, ifp); 495 } 496 break; 497 case ND6_LLINFO_REACHABLE: 498 if (!ND6_LLINFO_PERMANENT(ln)) { 499 ln->ln_state = ND6_LLINFO_STALE; 500 nd6_llinfo_settimer(ln, nd6_gctimer * hz); 501 } 502 break; 503 504 case ND6_LLINFO_PURGE: 505 case ND6_LLINFO_STALE: 506 /* Garbage Collection(RFC 2461 5.3) */ 507 if (!ND6_LLINFO_PERMANENT(ln)) { 508 nd6_free(ln, 1); 509 ln = NULL; 510 } 511 break; 512 513 case ND6_LLINFO_DELAY: 514 if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD) != 0) { 515 /* We need NUD */ 516 ln->ln_asked = 1; 517 ln->ln_state = ND6_LLINFO_PROBE; 518 daddr6 = &ln->r_l3addr.addr6; 519 send_ns = true; 520 } else { 521 ln->ln_state = ND6_LLINFO_STALE; /* XXX */ 522 nd6_llinfo_settimer(ln, nd6_gctimer * hz); 523 } 524 break; 525 case ND6_LLINFO_PROBE: 526 if (ln->ln_asked < nd6_umaxtries) { 527 ln->ln_asked++; 528 daddr6 = &ln->r_l3addr.addr6; 529 send_ns = true; 530 } else { 531 nd6_free(ln, 0); 532 ln = NULL; 533 } 534 break; 535 } 536 537 if (send_ns) { 538 struct in6_addr src, *psrc; 539 const struct in6_addr *taddr6 = &ln->r_l3addr.addr6; 540 541 nd6_llinfo_settimer(ln, ndi->retrans * hz / 1000); 542 psrc = nd6_llinfo_get_holdsrc(ln, &src); 543 LLE_FREE_LOCKED(ln); 544 ln = NULL; 545 nd6_ns_output(ifp, daddr6, taddr6, psrc, 0); 546 } 547 548 out: 549 if (ln != NULL) 550 LLE_FREE_LOCKED(ln); 551 KERNEL_UNLOCK_ONE(NULL); 552 mutex_exit(softnet_lock); 553 } 554 555 /* 556 * ND6 timer routine to expire default route list and prefix list 557 */ 558 static void 559 nd6_timer(void *ignored_arg) 560 { 561 struct nd_defrouter *next_dr, *dr; 562 struct nd_prefix *next_pr, *pr; 563 struct in6_ifaddr *ia6, *nia6; 564 565 callout_reset(&nd6_timer_ch, nd6_prune * hz, 566 nd6_timer, NULL); 567 568 mutex_enter(softnet_lock); 569 KERNEL_LOCK(1, NULL); 570 571 /* expire default router list */ 572 573 TAILQ_FOREACH_SAFE(dr, &nd_defrouter, dr_entry, next_dr) { 574 if (dr->expire && dr->expire < time_uptime) { 575 defrtrlist_del(dr, NULL); 576 } 577 } 578 579 /* 580 * expire interface addresses. 581 * in the past the loop was inside prefix expiry processing. 582 * However, from a stricter speci-confrmance standpoint, we should 583 * rather separate address lifetimes and prefix lifetimes. 584 */ 585 addrloop: 586 for (ia6 = in6_ifaddr; ia6; ia6 = nia6) { 587 nia6 = ia6->ia_next; 588 /* check address lifetime */ 589 if (IFA6_IS_INVALID(ia6)) { 590 int regen = 0; 591 592 /* 593 * If the expiring address is temporary, try 594 * regenerating a new one. This would be useful when 595 * we suspended a laptop PC, then turned it on after a 596 * period that could invalidate all temporary 597 * addresses. Although we may have to restart the 598 * loop (see below), it must be after purging the 599 * address. Otherwise, we'd see an infinite loop of 600 * regeneration. 601 */ 602 if (ip6_use_tempaddr && 603 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0) { 604 if (regen_tmpaddr(ia6) == 0) 605 regen = 1; 606 } 607 608 in6_purgeaddr(&ia6->ia_ifa); 609 610 if (regen) 611 goto addrloop; /* XXX: see below */ 612 } else if (IFA6_IS_DEPRECATED(ia6)) { 613 int oldflags = ia6->ia6_flags; 614 615 if ((oldflags & IN6_IFF_DEPRECATED) == 0) { 616 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 617 rt_newaddrmsg(RTM_NEWADDR, 618 (struct ifaddr *)ia6, 0, NULL); 619 } 620 621 /* 622 * If a temporary address has just become deprecated, 623 * regenerate a new one if possible. 624 */ 625 if (ip6_use_tempaddr && 626 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 627 (oldflags & IN6_IFF_DEPRECATED) == 0) { 628 629 if (regen_tmpaddr(ia6) == 0) { 630 /* 631 * A new temporary address is 632 * generated. 633 * XXX: this means the address chain 634 * has changed while we are still in 635 * the loop. Although the change 636 * would not cause disaster (because 637 * it's not a deletion, but an 638 * addition,) we'd rather restart the 639 * loop just for safety. Or does this 640 * significantly reduce performance?? 641 */ 642 goto addrloop; 643 } 644 } 645 } else { 646 /* 647 * A new RA might have made a deprecated address 648 * preferred. 649 */ 650 if (ia6->ia6_flags & IN6_IFF_DEPRECATED) { 651 ia6->ia6_flags &= ~IN6_IFF_DEPRECATED; 652 rt_newaddrmsg(RTM_NEWADDR, 653 (struct ifaddr *)ia6, 0, NULL); 654 } 655 } 656 } 657 658 /* expire prefix list */ 659 LIST_FOREACH_SAFE(pr, &nd_prefix, ndpr_entry, next_pr) { 660 /* 661 * check prefix lifetime. 662 * since pltime is just for autoconf, pltime processing for 663 * prefix is not necessary. 664 */ 665 if (pr->ndpr_vltime != ND6_INFINITE_LIFETIME && 666 time_uptime - pr->ndpr_lastupdate > pr->ndpr_vltime) { 667 668 /* 669 * address expiration and prefix expiration are 670 * separate. NEVER perform in6_purgeaddr here. 671 */ 672 673 prelist_remove(pr); 674 } 675 } 676 677 KERNEL_UNLOCK_ONE(NULL); 678 mutex_exit(softnet_lock); 679 } 680 681 /* ia6: deprecated/invalidated temporary address */ 682 static int 683 regen_tmpaddr(struct in6_ifaddr *ia6) 684 { 685 struct ifaddr *ifa; 686 struct ifnet *ifp; 687 struct in6_ifaddr *public_ifa6 = NULL; 688 689 ifp = ia6->ia_ifa.ifa_ifp; 690 IFADDR_FOREACH(ifa, ifp) { 691 struct in6_ifaddr *it6; 692 693 if (ifa->ifa_addr->sa_family != AF_INET6) 694 continue; 695 696 it6 = (struct in6_ifaddr *)ifa; 697 698 /* ignore no autoconf addresses. */ 699 if ((it6->ia6_flags & IN6_IFF_AUTOCONF) == 0) 700 continue; 701 702 /* ignore autoconf addresses with different prefixes. */ 703 if (it6->ia6_ndpr == NULL || it6->ia6_ndpr != ia6->ia6_ndpr) 704 continue; 705 706 /* 707 * Now we are looking at an autoconf address with the same 708 * prefix as ours. If the address is temporary and is still 709 * preferred, do not create another one. It would be rare, but 710 * could happen, for example, when we resume a laptop PC after 711 * a long period. 712 */ 713 if ((it6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 714 !IFA6_IS_DEPRECATED(it6)) { 715 public_ifa6 = NULL; 716 break; 717 } 718 719 /* 720 * This is a public autoconf address that has the same prefix 721 * as ours. If it is preferred, keep it. We can't break the 722 * loop here, because there may be a still-preferred temporary 723 * address with the prefix. 724 */ 725 if (!IFA6_IS_DEPRECATED(it6)) 726 public_ifa6 = it6; 727 } 728 729 if (public_ifa6 != NULL) { 730 int e; 731 732 /* 733 * Random factor is introduced in the preferred lifetime, so 734 * we do not need additional delay (3rd arg to in6_tmpifadd). 735 */ 736 if ((e = in6_tmpifadd(public_ifa6, 0, 0)) != 0) { 737 log(LOG_NOTICE, "regen_tmpaddr: failed to create a new" 738 " tmp addr, errno=%d\n", e); 739 return -1; 740 } 741 return 0; 742 } 743 744 return -1; 745 } 746 747 bool 748 nd6_accepts_rtadv(const struct nd_ifinfo *ndi) 749 { 750 switch (ndi->flags & (ND6_IFF_ACCEPT_RTADV|ND6_IFF_OVERRIDE_RTADV)) { 751 case ND6_IFF_OVERRIDE_RTADV|ND6_IFF_ACCEPT_RTADV: 752 return true; 753 case ND6_IFF_ACCEPT_RTADV: 754 return ip6_accept_rtadv != 0; 755 case ND6_IFF_OVERRIDE_RTADV: 756 case 0: 757 default: 758 return false; 759 } 760 } 761 762 /* 763 * Nuke neighbor cache/prefix/default router management table, right before 764 * ifp goes away. 765 */ 766 void 767 nd6_purge(struct ifnet *ifp, struct in6_ifextra *ext) 768 { 769 struct nd_defrouter *dr, *ndr; 770 struct nd_prefix *pr, *npr; 771 772 /* 773 * During detach, the ND info might be already removed, but 774 * then is explitly passed as argument. 775 * Otherwise get it from ifp->if_afdata. 776 */ 777 if (ext == NULL) 778 ext = ifp->if_afdata[AF_INET6]; 779 if (ext == NULL) 780 return; 781 782 /* 783 * Nuke default router list entries toward ifp. 784 * We defer removal of default router list entries that is installed 785 * in the routing table, in order to keep additional side effects as 786 * small as possible. 787 */ 788 TAILQ_FOREACH_SAFE(dr, &nd_defrouter, dr_entry, ndr) { 789 if (dr->installed) 790 continue; 791 792 if (dr->ifp == ifp) { 793 KASSERT(ext != NULL); 794 defrtrlist_del(dr, ext); 795 } 796 } 797 798 TAILQ_FOREACH_SAFE(dr, &nd_defrouter, dr_entry, ndr) { 799 if (!dr->installed) 800 continue; 801 802 if (dr->ifp == ifp) { 803 KASSERT(ext != NULL); 804 defrtrlist_del(dr, ext); 805 } 806 } 807 808 /* Nuke prefix list entries toward ifp */ 809 LIST_FOREACH_SAFE(pr, &nd_prefix, ndpr_entry, npr) { 810 if (pr->ndpr_ifp == ifp) { 811 /* 812 * Because if_detach() does *not* release prefixes 813 * while purging addresses the reference count will 814 * still be above zero. We therefore reset it to 815 * make sure that the prefix really gets purged. 816 */ 817 pr->ndpr_refcnt = 0; 818 /* 819 * Previously, pr->ndpr_addr is removed as well, 820 * but I strongly believe we don't have to do it. 821 * nd6_purge() is only called from in6_ifdetach(), 822 * which removes all the associated interface addresses 823 * by itself. 824 * (jinmei@kame.net 20010129) 825 */ 826 prelist_remove(pr); 827 } 828 } 829 830 /* cancel default outgoing interface setting */ 831 if (nd6_defifindex == ifp->if_index) 832 nd6_setdefaultiface(0); 833 834 /* XXX: too restrictive? */ 835 if (!ip6_forwarding && ifp->if_afdata[AF_INET6]) { 836 struct nd_ifinfo *ndi = ND_IFINFO(ifp); 837 if (ndi && nd6_accepts_rtadv(ndi)) { 838 /* refresh default router list */ 839 defrouter_select(); 840 } 841 } 842 843 /* 844 * We may not need to nuke the neighbor cache entries here 845 * because the neighbor cache is kept in if_afdata[AF_INET6]. 846 * nd6_purge() is invoked by in6_ifdetach() which is called 847 * from if_detach() where everything gets purged. However 848 * in6_ifdetach is directly called from vlan(4), so we still 849 * need to purge entries here. 850 */ 851 if (ext->lltable != NULL) 852 lltable_purge_entries(ext->lltable); 853 } 854 855 struct llentry * 856 nd6_lookup(const struct in6_addr *addr6, const struct ifnet *ifp, bool wlock) 857 { 858 struct sockaddr_in6 sin6; 859 struct llentry *ln; 860 861 sockaddr_in6_init(&sin6, addr6, 0, 0, 0); 862 863 IF_AFDATA_RLOCK(ifp); 864 ln = lla_lookup(LLTABLE6(ifp), wlock ? LLE_EXCLUSIVE : 0, 865 sin6tosa(&sin6)); 866 IF_AFDATA_RUNLOCK(ifp); 867 868 return ln; 869 } 870 871 struct llentry * 872 nd6_create(const struct in6_addr *addr6, const struct ifnet *ifp) 873 { 874 struct sockaddr_in6 sin6; 875 struct llentry *ln; 876 877 sockaddr_in6_init(&sin6, addr6, 0, 0, 0); 878 879 IF_AFDATA_WLOCK(ifp); 880 ln = lla_create(LLTABLE6(ifp), LLE_EXCLUSIVE, 881 sin6tosa(&sin6)); 882 IF_AFDATA_WUNLOCK(ifp); 883 884 if (ln != NULL) 885 ln->ln_state = ND6_LLINFO_NOSTATE; 886 887 return ln; 888 } 889 890 /* 891 * Test whether a given IPv6 address is a neighbor or not, ignoring 892 * the actual neighbor cache. The neighbor cache is ignored in order 893 * to not reenter the routing code from within itself. 894 */ 895 static int 896 nd6_is_new_addr_neighbor(const struct sockaddr_in6 *addr, struct ifnet *ifp) 897 { 898 struct nd_prefix *pr; 899 struct ifaddr *dstaddr; 900 901 /* 902 * A link-local address is always a neighbor. 903 * XXX: a link does not necessarily specify a single interface. 904 */ 905 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr)) { 906 struct sockaddr_in6 sin6_copy; 907 u_int32_t zone; 908 909 /* 910 * We need sin6_copy since sa6_recoverscope() may modify the 911 * content (XXX). 912 */ 913 sin6_copy = *addr; 914 if (sa6_recoverscope(&sin6_copy)) 915 return 0; /* XXX: should be impossible */ 916 if (in6_setscope(&sin6_copy.sin6_addr, ifp, &zone)) 917 return 0; 918 if (sin6_copy.sin6_scope_id == zone) 919 return 1; 920 else 921 return 0; 922 } 923 924 /* 925 * If the address matches one of our addresses, 926 * it should be a neighbor. 927 * If the address matches one of our on-link prefixes, it should be a 928 * neighbor. 929 */ 930 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) { 931 if (pr->ndpr_ifp != ifp) 932 continue; 933 934 if (!(pr->ndpr_stateflags & NDPRF_ONLINK)) { 935 struct rtentry *rt; 936 937 rt = rtalloc1((struct sockaddr *)&pr->ndpr_prefix, 0); 938 if (rt == NULL) 939 continue; 940 /* 941 * This is the case where multiple interfaces 942 * have the same prefix, but only one is installed 943 * into the routing table and that prefix entry 944 * is not the one being examined here. In the case 945 * where RADIX_MPATH is enabled, multiple route 946 * entries (of the same rt_key value) will be 947 * installed because the interface addresses all 948 * differ. 949 */ 950 if (!IN6_ARE_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr, 951 &satocsin6(rt_getkey(rt))->sin6_addr)) { 952 continue; 953 } 954 } 955 956 if (IN6_ARE_MASKED_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr, 957 &addr->sin6_addr, &pr->ndpr_mask)) 958 return 1; 959 } 960 961 /* 962 * If the address is assigned on the node of the other side of 963 * a p2p interface, the address should be a neighbor. 964 */ 965 dstaddr = ifa_ifwithdstaddr((const struct sockaddr *)addr); 966 if (dstaddr != NULL) { 967 if (dstaddr->ifa_ifp == ifp) { 968 #ifdef __FreeBSD__ 969 /* XXX we need to ifaref in ifa_ifwithdstaddr as well */ 970 ifafree(dstaddr); 971 #endif 972 return 1; 973 } 974 #ifdef __FreeBSD__ 975 /* XXX we need to ifaref in ifa_ifwithdstaddr as well */ 976 ifafree(dstaddr); 977 #endif 978 } 979 980 /* 981 * If the default router list is empty, all addresses are regarded 982 * as on-link, and thus, as a neighbor. 983 */ 984 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV && 985 TAILQ_EMPTY(&nd_defrouter) && 986 nd6_defifindex == ifp->if_index) { 987 return 1; 988 } 989 990 return 0; 991 } 992 993 /* 994 * Detect if a given IPv6 address identifies a neighbor on a given link. 995 * XXX: should take care of the destination of a p2p link? 996 */ 997 int 998 nd6_is_addr_neighbor(const struct sockaddr_in6 *addr, struct ifnet *ifp) 999 { 1000 struct nd_prefix *pr; 1001 struct llentry *ln; 1002 struct rtentry *rt; 1003 1004 /* 1005 * A link-local address is always a neighbor. 1006 * XXX: a link does not necessarily specify a single interface. 1007 */ 1008 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr)) { 1009 struct sockaddr_in6 sin6_copy; 1010 u_int32_t zone; 1011 1012 /* 1013 * We need sin6_copy since sa6_recoverscope() may modify the 1014 * content (XXX). 1015 */ 1016 sin6_copy = *addr; 1017 if (sa6_recoverscope(&sin6_copy)) 1018 return 0; /* XXX: should be impossible */ 1019 if (in6_setscope(&sin6_copy.sin6_addr, ifp, &zone)) 1020 return 0; 1021 if (sin6_copy.sin6_scope_id == zone) 1022 return 1; 1023 else 1024 return 0; 1025 } 1026 1027 /* 1028 * If the address matches one of our on-link prefixes, it should be a 1029 * neighbor. 1030 */ 1031 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) { 1032 if (pr->ndpr_ifp != ifp) 1033 continue; 1034 1035 if (!(pr->ndpr_stateflags & NDPRF_ONLINK)) 1036 continue; 1037 1038 if (IN6_ARE_MASKED_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr, 1039 &addr->sin6_addr, &pr->ndpr_mask)) 1040 return 1; 1041 } 1042 1043 /* 1044 * If the default router list is empty, all addresses are regarded 1045 * as on-link, and thus, as a neighbor. 1046 * XXX: we restrict the condition to hosts, because routers usually do 1047 * not have the "default router list". 1048 */ 1049 if (!ip6_forwarding && TAILQ_FIRST(&nd_defrouter) == NULL && 1050 nd6_defifindex == ifp->if_index) { 1051 return 1; 1052 } 1053 1054 IF_AFDATA_UNLOCK_ASSERT(ifp); 1055 if (nd6_is_new_addr_neighbor(addr, ifp)) 1056 return 1; 1057 1058 /* 1059 * Even if the address matches none of our addresses, it might be 1060 * in the neighbor cache or a connected route. 1061 */ 1062 ln = nd6_lookup(&addr->sin6_addr, ifp, false); 1063 if (ln != NULL) { 1064 LLE_RUNLOCK(ln); 1065 return 1; 1066 } 1067 1068 rt = rtalloc1(sin6tocsa(addr), 0); 1069 if (rt == NULL) 1070 return 0; 1071 1072 if ((rt->rt_flags & RTF_CONNECTED) && (rt->rt_ifp == ifp 1073 #if NBRIDGE > 0 1074 || rt->rt_ifp->if_bridge == ifp->if_bridge 1075 #endif 1076 #if NCARP > 0 1077 || (ifp->if_type == IFT_CARP && rt->rt_ifp == ifp->if_carpdev) || 1078 (rt->rt_ifp->if_type == IFT_CARP && rt->rt_ifp->if_carpdev == ifp)|| 1079 (ifp->if_type == IFT_CARP && rt->rt_ifp->if_type == IFT_CARP && 1080 rt->rt_ifp->if_carpdev == ifp->if_carpdev) 1081 #endif 1082 )) { 1083 rtfree(rt); 1084 return 1; 1085 } 1086 rtfree(rt); 1087 1088 return 0; 1089 } 1090 1091 /* 1092 * Free an nd6 llinfo entry. 1093 * Since the function would cause significant changes in the kernel, DO NOT 1094 * make it global, unless you have a strong reason for the change, and are sure 1095 * that the change is safe. 1096 */ 1097 static void 1098 nd6_free(struct llentry *ln, int gc) 1099 { 1100 struct nd_defrouter *dr; 1101 struct ifnet *ifp; 1102 struct in6_addr *in6; 1103 1104 KASSERT(ln != NULL); 1105 LLE_WLOCK_ASSERT(ln); 1106 1107 ifp = ln->lle_tbl->llt_ifp; 1108 in6 = &ln->r_l3addr.addr6; 1109 /* 1110 * we used to have pfctlinput(PRC_HOSTDEAD) here. 1111 * even though it is not harmful, it was not really necessary. 1112 */ 1113 1114 /* cancel timer */ 1115 nd6_llinfo_settimer(ln, -1); 1116 1117 if (!ip6_forwarding) { 1118 int s; 1119 s = splsoftnet(); 1120 dr = defrouter_lookup(in6, ifp); 1121 1122 if (dr != NULL && dr->expire && 1123 ln->ln_state == ND6_LLINFO_STALE && gc) { 1124 /* 1125 * If the reason for the deletion is just garbage 1126 * collection, and the neighbor is an active default 1127 * router, do not delete it. Instead, reset the GC 1128 * timer using the router's lifetime. 1129 * Simply deleting the entry would affect default 1130 * router selection, which is not necessarily a good 1131 * thing, especially when we're using router preference 1132 * values. 1133 * XXX: the check for ln_state would be redundant, 1134 * but we intentionally keep it just in case. 1135 */ 1136 if (dr->expire > time_uptime) 1137 nd6_llinfo_settimer(ln, 1138 (dr->expire - time_uptime) * hz); 1139 else 1140 nd6_llinfo_settimer(ln, nd6_gctimer * hz); 1141 splx(s); 1142 LLE_WUNLOCK(ln); 1143 return; 1144 } 1145 1146 if (ln->ln_router || dr) { 1147 /* 1148 * We need to unlock to avoid a LOR with rt6_flush() 1149 * with the rnh and for the calls to 1150 * pfxlist_onlink_check() and defrouter_select() in the 1151 * block further down for calls into nd6_lookup(). 1152 * We still hold a ref. 1153 */ 1154 LLE_WUNLOCK(ln); 1155 1156 /* 1157 * rt6_flush must be called whether or not the neighbor 1158 * is in the Default Router List. 1159 * See a corresponding comment in nd6_na_input(). 1160 */ 1161 rt6_flush(in6, ifp); 1162 } 1163 1164 if (dr) { 1165 /* 1166 * Unreachablity of a router might affect the default 1167 * router selection and on-link detection of advertised 1168 * prefixes. 1169 */ 1170 1171 /* 1172 * Temporarily fake the state to choose a new default 1173 * router and to perform on-link determination of 1174 * prefixes correctly. 1175 * Below the state will be set correctly, 1176 * or the entry itself will be deleted. 1177 */ 1178 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1179 1180 /* 1181 * Since defrouter_select() does not affect the 1182 * on-link determination and MIP6 needs the check 1183 * before the default router selection, we perform 1184 * the check now. 1185 */ 1186 pfxlist_onlink_check(); 1187 1188 /* 1189 * refresh default router list 1190 */ 1191 defrouter_select(); 1192 } 1193 1194 #ifdef __FreeBSD__ 1195 /* 1196 * If this entry was added by an on-link redirect, remove the 1197 * corresponding host route. 1198 */ 1199 if (ln->la_flags & LLE_REDIRECT) 1200 nd6_free_redirect(ln); 1201 #endif 1202 1203 if (ln->ln_router || dr) 1204 LLE_WLOCK(ln); 1205 1206 splx(s); 1207 } 1208 1209 /* 1210 * Save to unlock. We still hold an extra reference and will not 1211 * free(9) in llentry_free() if someone else holds one as well. 1212 */ 1213 LLE_WUNLOCK(ln); 1214 IF_AFDATA_LOCK(ifp); 1215 LLE_WLOCK(ln); 1216 1217 /* Guard against race with other llentry_free(). */ 1218 if (ln->la_flags & LLE_LINKED) { 1219 LLE_REMREF(ln); 1220 llentry_free(ln); 1221 } else 1222 LLE_FREE_LOCKED(ln); 1223 1224 IF_AFDATA_UNLOCK(ifp); 1225 } 1226 1227 /* 1228 * Upper-layer reachability hint for Neighbor Unreachability Detection. 1229 * 1230 * XXX cost-effective methods? 1231 */ 1232 void 1233 nd6_nud_hint(struct rtentry *rt) 1234 { 1235 struct llentry *ln; 1236 struct ifnet *ifp; 1237 1238 if (rt == NULL) 1239 return; 1240 1241 ifp = rt->rt_ifp; 1242 ln = nd6_lookup(&(satocsin6(rt_getkey(rt)))->sin6_addr, ifp, true); 1243 if (ln == NULL) 1244 return; 1245 1246 if (ln->ln_state < ND6_LLINFO_REACHABLE) 1247 goto done; 1248 1249 /* 1250 * if we get upper-layer reachability confirmation many times, 1251 * it is possible we have false information. 1252 */ 1253 ln->ln_byhint++; 1254 if (ln->ln_byhint > nd6_maxnudhint) 1255 goto done; 1256 1257 ln->ln_state = ND6_LLINFO_REACHABLE; 1258 if (!ND6_LLINFO_PERMANENT(ln)) 1259 nd6_llinfo_settimer(ln, ND_IFINFO(rt->rt_ifp)->reachable * hz); 1260 1261 done: 1262 LLE_WUNLOCK(ln); 1263 1264 return; 1265 } 1266 1267 static int 1268 nd6_purge_entry(struct lltable *llt, struct llentry *ln, void *farg) 1269 { 1270 int *n = farg; 1271 1272 if (*n <= 0) 1273 return 0; 1274 1275 if (ND6_LLINFO_PERMANENT(ln)) 1276 return 0; 1277 1278 LLE_WLOCK(ln); 1279 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) 1280 ln->ln_state = ND6_LLINFO_STALE; 1281 else 1282 ln->ln_state = ND6_LLINFO_PURGE; 1283 nd6_llinfo_settimer(ln, 0); 1284 LLE_WUNLOCK(ln); 1285 1286 (*n)--; 1287 return 0; 1288 } 1289 1290 static void 1291 nd6_gc_neighbors(struct lltable *llt) 1292 { 1293 int max_gc_entries = 10; 1294 1295 if (ip6_neighborgcthresh >= 0 && 1296 lltable_get_entry_count(llt) >= ip6_neighborgcthresh) { 1297 /* 1298 * XXX entries that are "less recently used" should be 1299 * freed first. 1300 */ 1301 lltable_foreach_lle(llt, nd6_purge_entry, &max_gc_entries); 1302 } 1303 } 1304 1305 void 1306 nd6_rtrequest(int req, struct rtentry *rt, const struct rt_addrinfo *info) 1307 { 1308 struct sockaddr *gate = rt->rt_gateway; 1309 struct ifnet *ifp = rt->rt_ifp; 1310 uint8_t namelen = strlen(ifp->if_xname), addrlen = ifp->if_addrlen; 1311 struct ifaddr *ifa; 1312 1313 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1314 1315 if (req == RTM_LLINFO_UPD) { 1316 int rc; 1317 struct in6_addr *in6; 1318 struct in6_addr in6_all; 1319 int anycast; 1320 1321 if ((ifa = info->rti_ifa) == NULL) 1322 return; 1323 1324 in6 = &ifatoia6(ifa)->ia_addr.sin6_addr; 1325 anycast = ifatoia6(ifa)->ia6_flags & IN6_IFF_ANYCAST; 1326 1327 in6_all = in6addr_linklocal_allnodes; 1328 if ((rc = in6_setscope(&in6_all, ifa->ifa_ifp, NULL)) != 0) { 1329 log(LOG_ERR, "%s: failed to set scope %s " 1330 "(errno=%d)\n", __func__, if_name(ifp), rc); 1331 return; 1332 } 1333 1334 /* XXX don't set Override for proxy addresses */ 1335 nd6_na_output(ifa->ifa_ifp, &in6_all, in6, 1336 (anycast ? 0 : ND_NA_FLAG_OVERRIDE) 1337 #if 0 1338 | (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0) 1339 #endif 1340 , 1, NULL); 1341 return; 1342 } 1343 1344 if ((rt->rt_flags & RTF_GATEWAY) != 0) 1345 return; 1346 1347 if (nd6_need_cache(ifp) == 0 && (rt->rt_flags & RTF_HOST) == 0) { 1348 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1349 /* 1350 * This is probably an interface direct route for a link 1351 * which does not need neighbor caches (e.g. fe80::%lo0/64). 1352 * We do not need special treatment below for such a route. 1353 * Moreover, the RTF_LLINFO flag which would be set below 1354 * would annoy the ndp(8) command. 1355 */ 1356 return; 1357 } 1358 1359 switch (req) { 1360 case RTM_ADD: 1361 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1362 /* 1363 * There is no backward compatibility :) 1364 * 1365 * if ((rt->rt_flags & RTF_HOST) == 0 && 1366 * SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff) 1367 * rt->rt_flags |= RTF_CLONING; 1368 */ 1369 /* XXX should move to route.c? */ 1370 if (rt->rt_flags & (RTF_CONNECTED | RTF_LOCAL)) { 1371 union { 1372 struct sockaddr sa; 1373 struct sockaddr_dl sdl; 1374 struct sockaddr_storage ss; 1375 } u; 1376 /* 1377 * Case 1: This route should come from a route to 1378 * interface (RTF_CLONING case) or the route should be 1379 * treated as on-link but is currently not 1380 * (RTF_LLINFO && ln == NULL case). 1381 */ 1382 if (sockaddr_dl_init(&u.sdl, sizeof(u.ss), 1383 ifp->if_index, ifp->if_type, 1384 NULL, namelen, NULL, addrlen) == NULL) { 1385 printf("%s.%d: sockaddr_dl_init(, %zu, ) " 1386 "failed on %s\n", __func__, __LINE__, 1387 sizeof(u.ss), if_name(ifp)); 1388 } 1389 rt_setgate(rt, &u.sa); 1390 gate = rt->rt_gateway; 1391 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1392 if (gate == NULL) { 1393 log(LOG_ERR, 1394 "%s: rt_setgate failed on %s\n", __func__, 1395 if_name(ifp)); 1396 break; 1397 } 1398 1399 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1400 if ((rt->rt_flags & RTF_CONNECTED) != 0) 1401 break; 1402 } 1403 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1404 /* 1405 * In IPv4 code, we try to annonuce new RTF_ANNOUNCE entry here. 1406 * We don't do that here since llinfo is not ready yet. 1407 * 1408 * There are also couple of other things to be discussed: 1409 * - unsolicited NA code needs improvement beforehand 1410 * - RFC2461 says we MAY send multicast unsolicited NA 1411 * (7.2.6 paragraph 4), however, it also says that we 1412 * SHOULD provide a mechanism to prevent multicast NA storm. 1413 * we don't have anything like it right now. 1414 * note that the mechanism needs a mutual agreement 1415 * between proxies, which means that we need to implement 1416 * a new protocol, or a new kludge. 1417 * - from RFC2461 6.2.4, host MUST NOT send an unsolicited NA. 1418 * we need to check ip6forwarding before sending it. 1419 * (or should we allow proxy ND configuration only for 1420 * routers? there's no mention about proxy ND from hosts) 1421 */ 1422 #if 0 1423 /* XXX it does not work */ 1424 if (rt->rt_flags & RTF_ANNOUNCE) 1425 nd6_na_output(ifp, 1426 &satocsin6(rt_getkey(rt))->sin6_addr, 1427 &satocsin6(rt_getkey(rt))->sin6_addr, 1428 ip6_forwarding ? ND_NA_FLAG_ROUTER : 0, 1429 1, NULL); 1430 #endif 1431 1432 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) == 0) { 1433 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1434 /* 1435 * Address resolution isn't necessary for a point to 1436 * point link, so we can skip this test for a p2p link. 1437 */ 1438 if (gate->sa_family != AF_LINK || 1439 gate->sa_len < 1440 sockaddr_dl_measure(namelen, addrlen)) { 1441 log(LOG_DEBUG, 1442 "nd6_rtrequest: bad gateway value: %s\n", 1443 if_name(ifp)); 1444 break; 1445 } 1446 satosdl(gate)->sdl_type = ifp->if_type; 1447 satosdl(gate)->sdl_index = ifp->if_index; 1448 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1449 } 1450 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1451 1452 /* 1453 * check if rt_getkey(rt) is an address assigned 1454 * to the interface. 1455 */ 1456 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, 1457 &satocsin6(rt_getkey(rt))->sin6_addr); 1458 if (ifa != NULL) { 1459 if (nd6_useloopback) { 1460 rt->rt_ifp = lo0ifp; /* XXX */ 1461 /* 1462 * Make sure rt_ifa be equal to the ifaddr 1463 * corresponding to the address. 1464 * We need this because when we refer 1465 * rt_ifa->ia6_flags in ip6_input, we assume 1466 * that the rt_ifa points to the address instead 1467 * of the loopback address. 1468 */ 1469 if (ifa != rt->rt_ifa) 1470 rt_replace_ifa(rt, ifa); 1471 } 1472 } else if (rt->rt_flags & RTF_ANNOUNCE) { 1473 /* join solicited node multicast for proxy ND */ 1474 if (ifp->if_flags & IFF_MULTICAST) { 1475 struct in6_addr llsol; 1476 int error; 1477 1478 llsol = satocsin6(rt_getkey(rt))->sin6_addr; 1479 llsol.s6_addr32[0] = htonl(0xff020000); 1480 llsol.s6_addr32[1] = 0; 1481 llsol.s6_addr32[2] = htonl(1); 1482 llsol.s6_addr8[12] = 0xff; 1483 if (in6_setscope(&llsol, ifp, NULL)) 1484 goto out; 1485 if (!in6_addmulti(&llsol, ifp, &error, 0)) { 1486 nd6log(LOG_ERR, "%s: failed to join " 1487 "%s (errno=%d)\n", if_name(ifp), 1488 ip6_sprintf(&llsol), error); 1489 } 1490 } 1491 } 1492 1493 out: 1494 /* 1495 * If we have too many cache entries, initiate immediate 1496 * purging for some entries. 1497 */ 1498 if (rt->rt_ifp != NULL) 1499 nd6_gc_neighbors(LLTABLE6(rt->rt_ifp)); 1500 break; 1501 1502 case RTM_DELETE: 1503 /* leave from solicited node multicast for proxy ND */ 1504 if ((rt->rt_flags & RTF_ANNOUNCE) != 0 && 1505 (ifp->if_flags & IFF_MULTICAST) != 0) { 1506 struct in6_addr llsol; 1507 struct in6_multi *in6m; 1508 1509 llsol = satocsin6(rt_getkey(rt))->sin6_addr; 1510 llsol.s6_addr32[0] = htonl(0xff020000); 1511 llsol.s6_addr32[1] = 0; 1512 llsol.s6_addr32[2] = htonl(1); 1513 llsol.s6_addr8[12] = 0xff; 1514 if (in6_setscope(&llsol, ifp, NULL) == 0) { 1515 IN6_LOOKUP_MULTI(llsol, ifp, in6m); 1516 if (in6m) 1517 in6_delmulti(in6m); 1518 } 1519 } 1520 break; 1521 } 1522 } 1523 1524 int 1525 nd6_ioctl(u_long cmd, void *data, struct ifnet *ifp) 1526 { 1527 struct in6_drlist *drl = (struct in6_drlist *)data; 1528 struct in6_oprlist *oprl = (struct in6_oprlist *)data; 1529 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1530 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1531 struct in6_ndifreq *ndif = (struct in6_ndifreq *)data; 1532 struct nd_defrouter *dr; 1533 struct nd_prefix *pr; 1534 int i = 0, error = 0; 1535 int s; 1536 1537 switch (cmd) { 1538 case SIOCGDRLST_IN6: 1539 /* 1540 * obsolete API, use sysctl under net.inet6.icmp6 1541 */ 1542 memset(drl, 0, sizeof(*drl)); 1543 s = splsoftnet(); 1544 TAILQ_FOREACH(dr, &nd_defrouter, dr_entry) { 1545 if (i >= DRLSTSIZ) 1546 break; 1547 drl->defrouter[i].rtaddr = dr->rtaddr; 1548 in6_clearscope(&drl->defrouter[i].rtaddr); 1549 1550 drl->defrouter[i].flags = dr->flags; 1551 drl->defrouter[i].rtlifetime = dr->rtlifetime; 1552 drl->defrouter[i].expire = dr->expire ? 1553 time_mono_to_wall(dr->expire) : 0; 1554 drl->defrouter[i].if_index = dr->ifp->if_index; 1555 i++; 1556 } 1557 splx(s); 1558 break; 1559 case SIOCGPRLST_IN6: 1560 /* 1561 * obsolete API, use sysctl under net.inet6.icmp6 1562 * 1563 * XXX the structure in6_prlist was changed in backward- 1564 * incompatible manner. in6_oprlist is used for SIOCGPRLST_IN6, 1565 * in6_prlist is used for nd6_sysctl() - fill_prlist(). 1566 */ 1567 /* 1568 * XXX meaning of fields, especialy "raflags", is very 1569 * differnet between RA prefix list and RR/static prefix list. 1570 * how about separating ioctls into two? 1571 */ 1572 memset(oprl, 0, sizeof(*oprl)); 1573 s = splsoftnet(); 1574 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) { 1575 struct nd_pfxrouter *pfr; 1576 int j; 1577 1578 if (i >= PRLSTSIZ) 1579 break; 1580 oprl->prefix[i].prefix = pr->ndpr_prefix.sin6_addr; 1581 oprl->prefix[i].raflags = pr->ndpr_raf; 1582 oprl->prefix[i].prefixlen = pr->ndpr_plen; 1583 oprl->prefix[i].vltime = pr->ndpr_vltime; 1584 oprl->prefix[i].pltime = pr->ndpr_pltime; 1585 oprl->prefix[i].if_index = pr->ndpr_ifp->if_index; 1586 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME) 1587 oprl->prefix[i].expire = 0; 1588 else { 1589 time_t maxexpire; 1590 1591 /* XXX: we assume time_t is signed. */ 1592 maxexpire = (-1) & 1593 ~((time_t)1 << 1594 ((sizeof(maxexpire) * 8) - 1)); 1595 if (pr->ndpr_vltime < 1596 maxexpire - pr->ndpr_lastupdate) { 1597 time_t expire; 1598 expire = pr->ndpr_lastupdate + 1599 pr->ndpr_vltime; 1600 oprl->prefix[i].expire = expire ? 1601 time_mono_to_wall(expire) : 0; 1602 } else 1603 oprl->prefix[i].expire = maxexpire; 1604 } 1605 1606 j = 0; 1607 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) { 1608 if (j < DRLSTSIZ) { 1609 #define RTRADDR oprl->prefix[i].advrtr[j] 1610 RTRADDR = pfr->router->rtaddr; 1611 in6_clearscope(&RTRADDR); 1612 #undef RTRADDR 1613 } 1614 j++; 1615 } 1616 oprl->prefix[i].advrtrs = j; 1617 oprl->prefix[i].origin = PR_ORIG_RA; 1618 1619 i++; 1620 } 1621 splx(s); 1622 1623 break; 1624 case OSIOCGIFINFO_IN6: 1625 #define ND ndi->ndi 1626 /* XXX: old ndp(8) assumes a positive value for linkmtu. */ 1627 memset(&ND, 0, sizeof(ND)); 1628 ND.linkmtu = IN6_LINKMTU(ifp); 1629 ND.maxmtu = ND_IFINFO(ifp)->maxmtu; 1630 ND.basereachable = ND_IFINFO(ifp)->basereachable; 1631 ND.reachable = ND_IFINFO(ifp)->reachable; 1632 ND.retrans = ND_IFINFO(ifp)->retrans; 1633 ND.flags = ND_IFINFO(ifp)->flags; 1634 ND.recalctm = ND_IFINFO(ifp)->recalctm; 1635 ND.chlim = ND_IFINFO(ifp)->chlim; 1636 break; 1637 case SIOCGIFINFO_IN6: 1638 ND = *ND_IFINFO(ifp); 1639 break; 1640 case SIOCSIFINFO_IN6: 1641 /* 1642 * used to change host variables from userland. 1643 * intented for a use on router to reflect RA configurations. 1644 */ 1645 /* 0 means 'unspecified' */ 1646 if (ND.linkmtu != 0) { 1647 if (ND.linkmtu < IPV6_MMTU || 1648 ND.linkmtu > IN6_LINKMTU(ifp)) { 1649 error = EINVAL; 1650 break; 1651 } 1652 ND_IFINFO(ifp)->linkmtu = ND.linkmtu; 1653 } 1654 1655 if (ND.basereachable != 0) { 1656 int obasereachable = ND_IFINFO(ifp)->basereachable; 1657 1658 ND_IFINFO(ifp)->basereachable = ND.basereachable; 1659 if (ND.basereachable != obasereachable) 1660 ND_IFINFO(ifp)->reachable = 1661 ND_COMPUTE_RTIME(ND.basereachable); 1662 } 1663 if (ND.retrans != 0) 1664 ND_IFINFO(ifp)->retrans = ND.retrans; 1665 if (ND.chlim != 0) 1666 ND_IFINFO(ifp)->chlim = ND.chlim; 1667 /* FALLTHROUGH */ 1668 case SIOCSIFINFO_FLAGS: 1669 { 1670 struct ifaddr *ifa; 1671 struct in6_ifaddr *ia; 1672 1673 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) && 1674 !(ND.flags & ND6_IFF_IFDISABLED)) 1675 { 1676 /* 1677 * If the interface is marked as ND6_IFF_IFDISABLED and 1678 * has a link-local address with IN6_IFF_DUPLICATED, 1679 * do not clear ND6_IFF_IFDISABLED. 1680 * See RFC 4862, section 5.4.5. 1681 */ 1682 int duplicated_linklocal = 0; 1683 1684 IFADDR_FOREACH(ifa, ifp) { 1685 if (ifa->ifa_addr->sa_family != AF_INET6) 1686 continue; 1687 ia = (struct in6_ifaddr *)ifa; 1688 if ((ia->ia6_flags & IN6_IFF_DUPLICATED) && 1689 IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia))) 1690 { 1691 duplicated_linklocal = 1; 1692 break; 1693 } 1694 } 1695 1696 if (duplicated_linklocal) { 1697 ND.flags |= ND6_IFF_IFDISABLED; 1698 log(LOG_ERR, "Cannot enable an interface" 1699 " with a link-local address marked" 1700 " duplicate.\n"); 1701 } else { 1702 ND_IFINFO(ifp)->flags &= ~ND6_IFF_IFDISABLED; 1703 if (ifp->if_flags & IFF_UP) 1704 in6_if_up(ifp); 1705 } 1706 } else if (!(ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) && 1707 (ND.flags & ND6_IFF_IFDISABLED)) 1708 { 1709 /* Mark all IPv6 addresses as tentative. */ 1710 1711 ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED; 1712 IFADDR_FOREACH(ifa, ifp) { 1713 if (ifa->ifa_addr->sa_family != AF_INET6) 1714 continue; 1715 nd6_dad_stop(ifa); 1716 ia = (struct in6_ifaddr *)ifa; 1717 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1718 } 1719 } 1720 1721 if (ND.flags & ND6_IFF_AUTO_LINKLOCAL) { 1722 if (!(ND_IFINFO(ifp)->flags & ND6_IFF_AUTO_LINKLOCAL)) { 1723 /* auto_linklocal 0->1 transition */ 1724 1725 ND_IFINFO(ifp)->flags |= ND6_IFF_AUTO_LINKLOCAL; 1726 in6_ifattach(ifp, NULL); 1727 } else if (!(ND.flags & ND6_IFF_IFDISABLED) && 1728 ifp->if_flags & IFF_UP) 1729 { 1730 /* 1731 * When the IF already has 1732 * ND6_IFF_AUTO_LINKLOCAL, no link-local 1733 * address is assigned, and IFF_UP, try to 1734 * assign one. 1735 */ 1736 int haslinklocal = 0; 1737 1738 IFADDR_FOREACH(ifa, ifp) { 1739 if (ifa->ifa_addr->sa_family !=AF_INET6) 1740 continue; 1741 ia = (struct in6_ifaddr *)ifa; 1742 if (IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia))){ 1743 haslinklocal = 1; 1744 break; 1745 } 1746 } 1747 if (!haslinklocal) 1748 in6_ifattach(ifp, NULL); 1749 } 1750 } 1751 } 1752 ND_IFINFO(ifp)->flags = ND.flags; 1753 break; 1754 #undef ND 1755 case SIOCSNDFLUSH_IN6: /* XXX: the ioctl name is confusing... */ 1756 /* sync kernel routing table with the default router list */ 1757 defrouter_reset(); 1758 defrouter_select(); 1759 break; 1760 case SIOCSPFXFLUSH_IN6: 1761 { 1762 /* flush all the prefix advertised by routers */ 1763 struct nd_prefix *pfx, *next; 1764 1765 s = splsoftnet(); 1766 LIST_FOREACH_SAFE(pfx, &nd_prefix, ndpr_entry, next) { 1767 struct in6_ifaddr *ia, *ia_next; 1768 1769 if (IN6_IS_ADDR_LINKLOCAL(&pfx->ndpr_prefix.sin6_addr)) 1770 continue; /* XXX */ 1771 1772 /* do we really have to remove addresses as well? */ 1773 for (ia = in6_ifaddr; ia; ia = ia_next) { 1774 /* ia might be removed. keep the next ptr. */ 1775 ia_next = ia->ia_next; 1776 1777 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0) 1778 continue; 1779 1780 if (ia->ia6_ndpr == pfx) 1781 in6_purgeaddr(&ia->ia_ifa); 1782 } 1783 prelist_remove(pfx); 1784 } 1785 splx(s); 1786 break; 1787 } 1788 case SIOCSRTRFLUSH_IN6: 1789 { 1790 /* flush all the default routers */ 1791 struct nd_defrouter *drtr, *next; 1792 1793 s = splsoftnet(); 1794 defrouter_reset(); 1795 TAILQ_FOREACH_SAFE(drtr, &nd_defrouter, dr_entry, next) { 1796 defrtrlist_del(drtr, NULL); 1797 } 1798 defrouter_select(); 1799 splx(s); 1800 break; 1801 } 1802 case SIOCGNBRINFO_IN6: 1803 { 1804 struct llentry *ln; 1805 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1806 1807 if ((error = in6_setscope(&nb_addr, ifp, NULL)) != 0) 1808 return error; 1809 1810 ln = nd6_lookup(&nb_addr, ifp, false); 1811 if (ln == NULL) { 1812 error = EINVAL; 1813 break; 1814 } 1815 nbi->state = ln->ln_state; 1816 nbi->asked = ln->ln_asked; 1817 nbi->isrouter = ln->ln_router; 1818 nbi->expire = ln->ln_expire ? 1819 time_mono_to_wall(ln->ln_expire) : 0; 1820 LLE_RUNLOCK(ln); 1821 1822 break; 1823 } 1824 case SIOCGDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1825 ndif->ifindex = nd6_defifindex; 1826 break; 1827 case SIOCSDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1828 return nd6_setdefaultiface(ndif->ifindex); 1829 } 1830 return error; 1831 } 1832 1833 void 1834 nd6_llinfo_release_pkts(struct llentry *ln, struct ifnet *ifp) 1835 { 1836 struct mbuf *m_hold, *m_hold_next; 1837 struct sockaddr_in6 sin6; 1838 1839 LLE_WLOCK_ASSERT(ln); 1840 1841 sockaddr_in6_init(&sin6, &ln->r_l3addr.addr6, 0, 0, 0); 1842 1843 m_hold = ln->la_hold, ln->la_hold = NULL, ln->la_numheld = 0; 1844 1845 LLE_WUNLOCK(ln); 1846 for (; m_hold != NULL; m_hold = m_hold_next) { 1847 m_hold_next = m_hold->m_nextpkt; 1848 m_hold->m_nextpkt = NULL; 1849 1850 /* 1851 * we assume ifp is not a p2p here, so 1852 * just set the 2nd argument as the 1853 * 1st one. 1854 */ 1855 nd6_output(ifp, ifp, m_hold, &sin6, NULL); 1856 } 1857 LLE_WLOCK(ln); 1858 } 1859 1860 /* 1861 * Create neighbor cache entry and cache link-layer address, 1862 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1863 */ 1864 void 1865 nd6_cache_lladdr( 1866 struct ifnet *ifp, 1867 struct in6_addr *from, 1868 char *lladdr, 1869 int lladdrlen, 1870 int type, /* ICMP6 type */ 1871 int code /* type dependent information */ 1872 ) 1873 { 1874 struct nd_ifinfo *ndi = ND_IFINFO(ifp); 1875 struct llentry *ln = NULL; 1876 int is_newentry; 1877 int do_update; 1878 int olladdr; 1879 int llchange; 1880 int newstate = 0; 1881 uint16_t router = 0; 1882 1883 KASSERT(ifp != NULL); 1884 KASSERT(from != NULL); 1885 1886 /* nothing must be updated for unspecified address */ 1887 if (IN6_IS_ADDR_UNSPECIFIED(from)) 1888 return; 1889 1890 /* 1891 * Validation about ifp->if_addrlen and lladdrlen must be done in 1892 * the caller. 1893 * 1894 * XXX If the link does not have link-layer adderss, what should 1895 * we do? (ifp->if_addrlen == 0) 1896 * Spec says nothing in sections for RA, RS and NA. There's small 1897 * description on it in NS section (RFC 2461 7.2.3). 1898 */ 1899 1900 ln = nd6_lookup(from, ifp, true); 1901 if (ln == NULL) { 1902 #if 0 1903 /* nothing must be done if there's no lladdr */ 1904 if (!lladdr || !lladdrlen) 1905 return NULL; 1906 #endif 1907 1908 ln = nd6_create(from, ifp); 1909 is_newentry = 1; 1910 } else { 1911 /* do nothing if static ndp is set */ 1912 if (ln->la_flags & LLE_STATIC) { 1913 LLE_WUNLOCK(ln); 1914 return; 1915 } 1916 is_newentry = 0; 1917 } 1918 1919 if (ln == NULL) 1920 return; 1921 1922 olladdr = (ln->la_flags & LLE_VALID) ? 1 : 0; 1923 if (olladdr && lladdr) { 1924 llchange = memcmp(lladdr, &ln->ll_addr, ifp->if_addrlen); 1925 } else 1926 llchange = 0; 1927 1928 /* 1929 * newentry olladdr lladdr llchange (*=record) 1930 * 0 n n -- (1) 1931 * 0 y n -- (2) 1932 * 0 n y -- (3) * STALE 1933 * 0 y y n (4) * 1934 * 0 y y y (5) * STALE 1935 * 1 -- n -- (6) NOSTATE(= PASSIVE) 1936 * 1 -- y -- (7) * STALE 1937 */ 1938 1939 if (lladdr) { /* (3-5) and (7) */ 1940 /* 1941 * Record source link-layer address 1942 * XXX is it dependent to ifp->if_type? 1943 */ 1944 memcpy(&ln->ll_addr, lladdr, ifp->if_addrlen); 1945 ln->la_flags |= LLE_VALID; 1946 } 1947 1948 if (!is_newentry) { 1949 if ((!olladdr && lladdr) || /* (3) */ 1950 (olladdr && lladdr && llchange)) { /* (5) */ 1951 do_update = 1; 1952 newstate = ND6_LLINFO_STALE; 1953 } else /* (1-2,4) */ 1954 do_update = 0; 1955 } else { 1956 do_update = 1; 1957 if (lladdr == NULL) /* (6) */ 1958 newstate = ND6_LLINFO_NOSTATE; 1959 else /* (7) */ 1960 newstate = ND6_LLINFO_STALE; 1961 } 1962 1963 if (do_update) { 1964 /* 1965 * Update the state of the neighbor cache. 1966 */ 1967 ln->ln_state = newstate; 1968 1969 if (ln->ln_state == ND6_LLINFO_STALE) { 1970 /* 1971 * XXX: since nd6_output() below will cause 1972 * state tansition to DELAY and reset the timer, 1973 * we must set the timer now, although it is actually 1974 * meaningless. 1975 */ 1976 nd6_llinfo_settimer(ln, nd6_gctimer * hz); 1977 1978 nd6_llinfo_release_pkts(ln, ifp); 1979 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 1980 /* probe right away */ 1981 nd6_llinfo_settimer((void *)ln, 0); 1982 } 1983 } 1984 1985 /* 1986 * ICMP6 type dependent behavior. 1987 * 1988 * NS: clear IsRouter if new entry 1989 * RS: clear IsRouter 1990 * RA: set IsRouter if there's lladdr 1991 * redir: clear IsRouter if new entry 1992 * 1993 * RA case, (1): 1994 * The spec says that we must set IsRouter in the following cases: 1995 * - If lladdr exist, set IsRouter. This means (1-5). 1996 * - If it is old entry (!newentry), set IsRouter. This means (7). 1997 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1998 * A quetion arises for (1) case. (1) case has no lladdr in the 1999 * neighbor cache, this is similar to (6). 2000 * This case is rare but we figured that we MUST NOT set IsRouter. 2001 * 2002 * newentry olladdr lladdr llchange NS RS RA redir 2003 * D R 2004 * 0 n n -- (1) c ? s 2005 * 0 y n -- (2) c s s 2006 * 0 n y -- (3) c s s 2007 * 0 y y n (4) c s s 2008 * 0 y y y (5) c s s 2009 * 1 -- n -- (6) c c c s 2010 * 1 -- y -- (7) c c s c s 2011 * 2012 * (c=clear s=set) 2013 */ 2014 switch (type & 0xff) { 2015 case ND_NEIGHBOR_SOLICIT: 2016 /* 2017 * New entry must have is_router flag cleared. 2018 */ 2019 if (is_newentry) /* (6-7) */ 2020 ln->ln_router = 0; 2021 break; 2022 case ND_REDIRECT: 2023 /* 2024 * If the icmp is a redirect to a better router, always set the 2025 * is_router flag. Otherwise, if the entry is newly created, 2026 * clear the flag. [RFC 2461, sec 8.3] 2027 */ 2028 if (code == ND_REDIRECT_ROUTER) 2029 ln->ln_router = 1; 2030 else if (is_newentry) /* (6-7) */ 2031 ln->ln_router = 0; 2032 break; 2033 case ND_ROUTER_SOLICIT: 2034 /* 2035 * is_router flag must always be cleared. 2036 */ 2037 ln->ln_router = 0; 2038 break; 2039 case ND_ROUTER_ADVERT: 2040 /* 2041 * Mark an entry with lladdr as a router. 2042 */ 2043 if ((!is_newentry && (olladdr || lladdr)) || /* (2-5) */ 2044 (is_newentry && lladdr)) { /* (7) */ 2045 ln->ln_router = 1; 2046 } 2047 break; 2048 } 2049 2050 #if 0 2051 /* XXX should we send rtmsg as it used to be? */ 2052 if (do_update) 2053 rt_newmsg(RTM_CHANGE, rt); /* tell user process */ 2054 #endif 2055 2056 if (ln != NULL) { 2057 router = ln->ln_router; 2058 LLE_WUNLOCK(ln); 2059 } 2060 2061 /* 2062 * If we have too many cache entries, initiate immediate 2063 * purging for some entries. 2064 */ 2065 if (is_newentry) 2066 nd6_gc_neighbors(LLTABLE6(ifp)); 2067 2068 /* 2069 * When the link-layer address of a router changes, select the 2070 * best router again. In particular, when the neighbor entry is newly 2071 * created, it might affect the selection policy. 2072 * Question: can we restrict the first condition to the "is_newentry" 2073 * case? 2074 * XXX: when we hear an RA from a new router with the link-layer 2075 * address option, defrouter_select() is called twice, since 2076 * defrtrlist_update called the function as well. However, I believe 2077 * we can compromise the overhead, since it only happens the first 2078 * time. 2079 * XXX: although defrouter_select() should not have a bad effect 2080 * for those are not autoconfigured hosts, we explicitly avoid such 2081 * cases for safety. 2082 */ 2083 if (do_update && router && !ip6_forwarding && 2084 nd6_accepts_rtadv(ndi)) 2085 defrouter_select(); 2086 } 2087 2088 static void 2089 nd6_slowtimo(void *ignored_arg) 2090 { 2091 struct nd_ifinfo *nd6if; 2092 struct ifnet *ifp; 2093 int s; 2094 2095 mutex_enter(softnet_lock); 2096 KERNEL_LOCK(1, NULL); 2097 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 2098 nd6_slowtimo, NULL); 2099 2100 s = pserialize_read_enter(); 2101 IFNET_READER_FOREACH(ifp) { 2102 nd6if = ND_IFINFO(ifp); 2103 if (nd6if->basereachable && /* already initialized */ 2104 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 2105 /* 2106 * Since reachable time rarely changes by router 2107 * advertisements, we SHOULD insure that a new random 2108 * value gets recomputed at least once every few hours. 2109 * (RFC 2461, 6.3.4) 2110 */ 2111 nd6if->recalctm = nd6_recalc_reachtm_interval; 2112 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable); 2113 } 2114 } 2115 pserialize_read_exit(s); 2116 2117 KERNEL_UNLOCK_ONE(NULL); 2118 mutex_exit(softnet_lock); 2119 } 2120 2121 int 2122 nd6_output(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m, 2123 const struct sockaddr_in6 *dst, struct rtentry *rt) 2124 { 2125 #define senderr(e) { error = (e); goto bad;} 2126 struct llentry *ln = NULL; 2127 int error = 0; 2128 bool created = false; 2129 2130 if (rt != NULL) { 2131 error = rt_check_reject_route(rt, ifp); 2132 if (error != 0) { 2133 m_freem(m); 2134 return error; 2135 } 2136 } 2137 2138 if (IN6_IS_ADDR_MULTICAST(&dst->sin6_addr)) 2139 goto sendpkt; 2140 2141 if (nd6_need_cache(ifp) == 0) 2142 goto sendpkt; 2143 2144 if (rt != NULL && (rt->rt_flags & RTF_GATEWAY) != 0) { 2145 struct sockaddr_in6 *gw6 = satosin6(rt->rt_gateway); 2146 2147 /* XXX remain the check to keep the original behavior. */ 2148 /* 2149 * We skip link-layer address resolution and NUD 2150 * if the gateway is not a neighbor from ND point 2151 * of view, regardless of the value of nd_ifinfo.flags. 2152 * The second condition is a bit tricky; we skip 2153 * if the gateway is our own address, which is 2154 * sometimes used to install a route to a p2p link. 2155 */ 2156 if (!nd6_is_addr_neighbor(gw6, ifp) || 2157 in6ifa_ifpwithaddr(ifp, &gw6->sin6_addr)) { 2158 /* 2159 * We allow this kind of tricky route only 2160 * when the outgoing interface is p2p. 2161 * XXX: we may need a more generic rule here. 2162 */ 2163 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 2164 senderr(EHOSTUNREACH); 2165 2166 goto sendpkt; 2167 } 2168 } 2169 2170 /* 2171 * Address resolution or Neighbor Unreachability Detection 2172 * for the next hop. 2173 * At this point, the destination of the packet must be a unicast 2174 * or an anycast address(i.e. not a multicast). 2175 */ 2176 2177 /* Look up the neighbor cache for the nexthop */ 2178 ln = nd6_lookup(&dst->sin6_addr, ifp, true); 2179 if ((ln == NULL) && nd6_is_addr_neighbor(dst, ifp)) { 2180 /* 2181 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(), 2182 * the condition below is not very efficient. But we believe 2183 * it is tolerable, because this should be a rare case. 2184 */ 2185 ln = nd6_create(&dst->sin6_addr, ifp); 2186 if (ln != NULL) 2187 created = true; 2188 } 2189 2190 if (ln == NULL) { 2191 if ((ifp->if_flags & IFF_POINTOPOINT) == 0 && 2192 !(ND_IFINFO(ifp)->flags & ND6_IFF_PERFORMNUD)) { 2193 log(LOG_DEBUG, 2194 "nd6_output: can't allocate llinfo for %s " 2195 "(ln=%p, rt=%p)\n", 2196 ip6_sprintf(&dst->sin6_addr), ln, rt); 2197 senderr(EIO); /* XXX: good error? */ 2198 } 2199 goto sendpkt; /* send anyway */ 2200 } 2201 2202 LLE_WLOCK_ASSERT(ln); 2203 2204 /* We don't have to do link-layer address resolution on a p2p link. */ 2205 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 2206 ln->ln_state < ND6_LLINFO_REACHABLE) { 2207 ln->ln_state = ND6_LLINFO_STALE; 2208 nd6_llinfo_settimer(ln, nd6_gctimer * hz); 2209 } 2210 2211 /* 2212 * The first time we send a packet to a neighbor whose entry is 2213 * STALE, we have to change the state to DELAY and a sets a timer to 2214 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do 2215 * neighbor unreachability detection on expiration. 2216 * (RFC 2461 7.3.3) 2217 */ 2218 if (ln->ln_state == ND6_LLINFO_STALE) { 2219 ln->ln_asked = 0; 2220 ln->ln_state = ND6_LLINFO_DELAY; 2221 nd6_llinfo_settimer(ln, nd6_delay * hz); 2222 } 2223 2224 /* 2225 * If the neighbor cache entry has a state other than INCOMPLETE 2226 * (i.e. its link-layer address is already resolved), just 2227 * send the packet. 2228 */ 2229 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) 2230 goto sendpkt; 2231 2232 /* 2233 * There is a neighbor cache entry, but no ethernet address 2234 * response yet. Append this latest packet to the end of the 2235 * packet queue in the mbuf, unless the number of the packet 2236 * does not exceed nd6_maxqueuelen. When it exceeds nd6_maxqueuelen, 2237 * the oldest packet in the queue will be removed. 2238 */ 2239 if (ln->ln_state == ND6_LLINFO_NOSTATE) 2240 ln->ln_state = ND6_LLINFO_INCOMPLETE; 2241 if (ln->ln_hold) { 2242 struct mbuf *m_hold; 2243 int i; 2244 2245 i = 0; 2246 for (m_hold = ln->ln_hold; m_hold; m_hold = m_hold->m_nextpkt) { 2247 i++; 2248 if (m_hold->m_nextpkt == NULL) { 2249 m_hold->m_nextpkt = m; 2250 break; 2251 } 2252 } 2253 while (i >= nd6_maxqueuelen) { 2254 m_hold = ln->ln_hold; 2255 ln->ln_hold = ln->ln_hold->m_nextpkt; 2256 m_freem(m_hold); 2257 i--; 2258 } 2259 } else { 2260 ln->ln_hold = m; 2261 } 2262 2263 /* 2264 * If there has been no NS for the neighbor after entering the 2265 * INCOMPLETE state, send the first solicitation. 2266 */ 2267 if (!ND6_LLINFO_PERMANENT(ln) && ln->ln_asked == 0) { 2268 struct in6_addr src, *psrc; 2269 2270 ln->ln_asked++; 2271 nd6_llinfo_settimer(ln, ND_IFINFO(ifp)->retrans * hz / 1000); 2272 psrc = nd6_llinfo_get_holdsrc(ln, &src); 2273 LLE_WUNLOCK(ln); 2274 ln = NULL; 2275 nd6_ns_output(ifp, NULL, &dst->sin6_addr, psrc, 0); 2276 } else { 2277 /* We did the lookup so we need to do the unlock here. */ 2278 LLE_WUNLOCK(ln); 2279 } 2280 2281 error = 0; 2282 goto exit; 2283 2284 sendpkt: 2285 /* discard the packet if IPv6 operation is disabled on the interface */ 2286 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)) { 2287 error = ENETDOWN; /* better error? */ 2288 goto bad; 2289 } 2290 2291 if (ln != NULL) 2292 LLE_WUNLOCK(ln); 2293 2294 #ifndef NET_MPSAFE 2295 KERNEL_LOCK(1, NULL); 2296 #endif 2297 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2298 error = (*ifp->if_output)(origifp, m, sin6tocsa(dst), rt); 2299 else 2300 error = (*ifp->if_output)(ifp, m, sin6tocsa(dst), rt); 2301 #ifndef NET_MPSAFE 2302 KERNEL_UNLOCK_ONE(NULL); 2303 #endif 2304 goto exit; 2305 2306 bad: 2307 if (m != NULL) 2308 m_freem(m); 2309 exit: 2310 if (created) 2311 nd6_gc_neighbors(LLTABLE6(ifp)); 2312 2313 return error; 2314 #undef senderr 2315 } 2316 2317 int 2318 nd6_need_cache(struct ifnet *ifp) 2319 { 2320 /* 2321 * XXX: we currently do not make neighbor cache on any interface 2322 * other than ARCnet, Ethernet, FDDI and GIF. 2323 * 2324 * RFC2893 says: 2325 * - unidirectional tunnels needs no ND 2326 */ 2327 switch (ifp->if_type) { 2328 case IFT_ARCNET: 2329 case IFT_ETHER: 2330 case IFT_FDDI: 2331 case IFT_IEEE1394: 2332 case IFT_CARP: 2333 case IFT_GIF: /* XXX need more cases? */ 2334 case IFT_PPP: 2335 case IFT_TUNNEL: 2336 return 1; 2337 default: 2338 return 0; 2339 } 2340 } 2341 2342 /* 2343 * Add pernament ND6 link-layer record for given 2344 * interface address. 2345 * 2346 * Very similar to IPv4 arp_ifinit(), but: 2347 * 1) IPv6 DAD is performed in different place 2348 * 2) It is called by IPv6 protocol stack in contrast to 2349 * arp_ifinit() which is typically called in SIOCSIFADDR 2350 * driver ioctl handler. 2351 * 2352 */ 2353 int 2354 nd6_add_ifa_lle(struct in6_ifaddr *ia) 2355 { 2356 struct ifnet *ifp; 2357 struct llentry *ln; 2358 2359 ifp = ia->ia_ifa.ifa_ifp; 2360 if (nd6_need_cache(ifp) == 0) 2361 return 0; 2362 ia->ia_ifa.ifa_rtrequest = nd6_rtrequest; 2363 ia->ia_ifa.ifa_flags = RTF_CONNECTED; 2364 2365 IF_AFDATA_WLOCK(ifp); 2366 ln = lla_create(LLTABLE6(ifp), LLE_IFADDR | LLE_EXCLUSIVE, 2367 (struct sockaddr *)&ia->ia_addr); 2368 IF_AFDATA_WUNLOCK(ifp); 2369 if (ln == NULL) 2370 return ENOBUFS; 2371 2372 ln->la_expire = 0; /* for IPv6 this means permanent */ 2373 ln->ln_state = ND6_LLINFO_REACHABLE; 2374 2375 LLE_WUNLOCK(ln); 2376 return 0; 2377 } 2378 2379 /* 2380 * Removes ALL lle records for interface address prefix. 2381 * XXXME: That's probably not we really want to do, we need 2382 * to remove address record only and keep other records 2383 * until we determine if given prefix is really going 2384 * to be removed. 2385 */ 2386 void 2387 nd6_rem_ifa_lle(struct in6_ifaddr *ia) 2388 { 2389 struct sockaddr_in6 mask, addr; 2390 2391 memcpy(&addr, &ia->ia_addr, sizeof(ia->ia_addr)); 2392 memcpy(&mask, &ia->ia_prefixmask, sizeof(ia->ia_prefixmask)); 2393 lltable_prefix_free(AF_INET6, (struct sockaddr *)&addr, 2394 (struct sockaddr *)&mask, LLE_STATIC); 2395 } 2396 2397 int 2398 nd6_storelladdr(const struct ifnet *ifp, const struct rtentry *rt, 2399 struct mbuf *m, const struct sockaddr *dst, uint8_t *lldst, 2400 size_t dstsize) 2401 { 2402 struct llentry *ln; 2403 2404 if (m->m_flags & M_MCAST) { 2405 switch (ifp->if_type) { 2406 case IFT_ETHER: 2407 case IFT_FDDI: 2408 ETHER_MAP_IPV6_MULTICAST(&satocsin6(dst)->sin6_addr, 2409 lldst); 2410 return 1; 2411 case IFT_IEEE1394: 2412 memcpy(lldst, ifp->if_broadcastaddr, 2413 MIN(dstsize, ifp->if_addrlen)); 2414 return 1; 2415 case IFT_ARCNET: 2416 *lldst = 0; 2417 return 1; 2418 default: 2419 m_freem(m); 2420 return 0; 2421 } 2422 } 2423 2424 /* 2425 * the entry should have been created in nd6_store_lladdr 2426 */ 2427 ln = nd6_lookup(&satocsin6(dst)->sin6_addr, ifp, false); 2428 if ((ln == NULL) || !(ln->la_flags & LLE_VALID)) { 2429 if (ln != NULL) 2430 LLE_RUNLOCK(ln); 2431 /* this could happen, if we could not allocate memory */ 2432 m_freem(m); 2433 return 0; 2434 } 2435 2436 /* XXX llentry should have addrlen? */ 2437 #if 0 2438 sdl = satocsdl(rt->rt_gateway); 2439 if (sdl->sdl_alen == 0 || sdl->sdl_alen > dstsize) { 2440 char sbuf[INET6_ADDRSTRLEN]; 2441 char dbuf[LINK_ADDRSTRLEN]; 2442 /* this should be impossible, but we bark here for debugging */ 2443 printf("%s: sdl_alen == %" PRIu8 ", if=%s, dst=%s, sdl=%s\n", 2444 __func__, sdl->sdl_alen, if_name(ifp), 2445 IN6_PRINT(sbuf, &satocsin6(dst)->sin6_addr), 2446 DL_PRINT(dbuf, &sdl->sdl_addr)); 2447 m_freem(m); 2448 return 0; 2449 } 2450 #endif 2451 2452 memcpy(lldst, &ln->ll_addr, MIN(dstsize, ifp->if_addrlen)); 2453 2454 LLE_RUNLOCK(ln); 2455 2456 return 1; 2457 } 2458 2459 static void 2460 clear_llinfo_pqueue(struct llentry *ln) 2461 { 2462 struct mbuf *m_hold, *m_hold_next; 2463 2464 for (m_hold = ln->ln_hold; m_hold; m_hold = m_hold_next) { 2465 m_hold_next = m_hold->m_nextpkt; 2466 m_hold->m_nextpkt = NULL; 2467 m_freem(m_hold); 2468 } 2469 2470 ln->ln_hold = NULL; 2471 return; 2472 } 2473 2474 int 2475 nd6_sysctl( 2476 int name, 2477 void *oldp, /* syscall arg, need copyout */ 2478 size_t *oldlenp, 2479 void *newp, /* syscall arg, need copyin */ 2480 size_t newlen 2481 ) 2482 { 2483 void *p; 2484 size_t ol; 2485 int error; 2486 2487 error = 0; 2488 2489 if (newp) 2490 return EPERM; 2491 if (oldp && !oldlenp) 2492 return EINVAL; 2493 ol = oldlenp ? *oldlenp : 0; 2494 2495 if (oldp) { 2496 p = malloc(*oldlenp, M_TEMP, M_WAITOK); 2497 if (p == NULL) 2498 return ENOMEM; 2499 } else 2500 p = NULL; 2501 switch (name) { 2502 case ICMPV6CTL_ND6_DRLIST: 2503 error = fill_drlist(p, oldlenp, ol); 2504 if (!error && p != NULL && oldp != NULL) 2505 error = copyout(p, oldp, *oldlenp); 2506 break; 2507 2508 case ICMPV6CTL_ND6_PRLIST: 2509 error = fill_prlist(p, oldlenp, ol); 2510 if (!error && p != NULL && oldp != NULL) 2511 error = copyout(p, oldp, *oldlenp); 2512 break; 2513 2514 case ICMPV6CTL_ND6_MAXQLEN: 2515 break; 2516 2517 default: 2518 error = ENOPROTOOPT; 2519 break; 2520 } 2521 if (p) 2522 free(p, M_TEMP); 2523 2524 return error; 2525 } 2526 2527 static int 2528 fill_drlist(void *oldp, size_t *oldlenp, size_t ol) 2529 { 2530 int error = 0, s; 2531 struct in6_defrouter *d = NULL, *de = NULL; 2532 struct nd_defrouter *dr; 2533 size_t l; 2534 2535 s = splsoftnet(); 2536 2537 if (oldp) { 2538 d = (struct in6_defrouter *)oldp; 2539 de = (struct in6_defrouter *)((char *)oldp + *oldlenp); 2540 } 2541 l = 0; 2542 2543 TAILQ_FOREACH(dr, &nd_defrouter, dr_entry) { 2544 2545 if (oldp && d + 1 <= de) { 2546 memset(d, 0, sizeof(*d)); 2547 sockaddr_in6_init(&d->rtaddr, &dr->rtaddr, 0, 0, 0); 2548 if (sa6_recoverscope(&d->rtaddr)) { 2549 log(LOG_ERR, 2550 "scope error in router list (%s)\n", 2551 ip6_sprintf(&d->rtaddr.sin6_addr)); 2552 /* XXX: press on... */ 2553 } 2554 d->flags = dr->flags; 2555 d->rtlifetime = dr->rtlifetime; 2556 d->expire = dr->expire ? 2557 time_mono_to_wall(dr->expire) : 0; 2558 d->if_index = dr->ifp->if_index; 2559 } 2560 2561 l += sizeof(*d); 2562 if (d) 2563 d++; 2564 } 2565 2566 if (oldp) { 2567 if (l > ol) 2568 error = ENOMEM; 2569 } 2570 if (oldlenp) 2571 *oldlenp = l; /* (void *)d - (void *)oldp */ 2572 2573 splx(s); 2574 2575 return error; 2576 } 2577 2578 static int 2579 fill_prlist(void *oldp, size_t *oldlenp, size_t ol) 2580 { 2581 int error = 0, s; 2582 struct nd_prefix *pr; 2583 uint8_t *p = NULL, *ps = NULL; 2584 uint8_t *pe = NULL; 2585 size_t l; 2586 2587 s = splsoftnet(); 2588 2589 if (oldp) { 2590 ps = p = (uint8_t*)oldp; 2591 pe = (uint8_t*)oldp + *oldlenp; 2592 } 2593 l = 0; 2594 2595 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) { 2596 u_short advrtrs; 2597 struct sockaddr_in6 sin6; 2598 struct nd_pfxrouter *pfr; 2599 struct in6_prefix pfx; 2600 2601 if (oldp && p + sizeof(struct in6_prefix) <= pe) 2602 { 2603 memset(&pfx, 0, sizeof(pfx)); 2604 ps = p; 2605 pfx.prefix = pr->ndpr_prefix; 2606 2607 if (sa6_recoverscope(&pfx.prefix)) { 2608 log(LOG_ERR, 2609 "scope error in prefix list (%s)\n", 2610 ip6_sprintf(&pfx.prefix.sin6_addr)); 2611 /* XXX: press on... */ 2612 } 2613 pfx.raflags = pr->ndpr_raf; 2614 pfx.prefixlen = pr->ndpr_plen; 2615 pfx.vltime = pr->ndpr_vltime; 2616 pfx.pltime = pr->ndpr_pltime; 2617 pfx.if_index = pr->ndpr_ifp->if_index; 2618 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME) 2619 pfx.expire = 0; 2620 else { 2621 time_t maxexpire; 2622 2623 /* XXX: we assume time_t is signed. */ 2624 maxexpire = (-1) & 2625 ~((time_t)1 << 2626 ((sizeof(maxexpire) * 8) - 1)); 2627 if (pr->ndpr_vltime < 2628 maxexpire - pr->ndpr_lastupdate) { 2629 pfx.expire = pr->ndpr_lastupdate + 2630 pr->ndpr_vltime; 2631 } else 2632 pfx.expire = maxexpire; 2633 } 2634 pfx.refcnt = pr->ndpr_refcnt; 2635 pfx.flags = pr->ndpr_stateflags; 2636 pfx.origin = PR_ORIG_RA; 2637 2638 p += sizeof(pfx); l += sizeof(pfx); 2639 2640 advrtrs = 0; 2641 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) { 2642 if (p + sizeof(sin6) > pe) { 2643 advrtrs++; 2644 continue; 2645 } 2646 2647 sockaddr_in6_init(&sin6, &pfr->router->rtaddr, 2648 0, 0, 0); 2649 if (sa6_recoverscope(&sin6)) { 2650 log(LOG_ERR, 2651 "scope error in " 2652 "prefix list (%s)\n", 2653 ip6_sprintf(&pfr->router->rtaddr)); 2654 } 2655 advrtrs++; 2656 memcpy(p, &sin6, sizeof(sin6)); 2657 p += sizeof(sin6); 2658 l += sizeof(sin6); 2659 } 2660 pfx.advrtrs = advrtrs; 2661 memcpy(ps, &pfx, sizeof(pfx)); 2662 } 2663 else { 2664 l += sizeof(pfx); 2665 advrtrs = 0; 2666 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) { 2667 advrtrs++; 2668 l += sizeof(sin6); 2669 } 2670 } 2671 } 2672 2673 if (oldp) { 2674 *oldlenp = l; /* (void *)d - (void *)oldp */ 2675 if (l > ol) 2676 error = ENOMEM; 2677 } else 2678 *oldlenp = l; 2679 2680 splx(s); 2681 2682 return error; 2683 } 2684