1 /* $NetBSD: nd6.c,v 1.279 2022/09/01 18:32:17 riastradh Exp $ */ 2 /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.279 2022/09/01 18:32:17 riastradh Exp $"); 35 36 #ifdef _KERNEL_OPT 37 #include "opt_compat_netbsd.h" 38 #include "opt_net_mpsafe.h" 39 #endif 40 41 #include "bridge.h" 42 #include "carp.h" 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/callout.h> 47 #include <sys/kmem.h> 48 #include <sys/mbuf.h> 49 #include <sys/socket.h> 50 #include <sys/socketvar.h> 51 #include <sys/sockio.h> 52 #include <sys/time.h> 53 #include <sys/kernel.h> 54 #include <sys/errno.h> 55 #include <sys/ioctl.h> 56 #include <sys/syslog.h> 57 #include <sys/queue.h> 58 #include <sys/cprng.h> 59 #include <sys/workqueue.h> 60 61 #include <net/if.h> 62 #include <net/if_dl.h> 63 #include <net/if_llatbl.h> 64 #include <net/if_types.h> 65 #include <net/nd.h> 66 #include <net/route.h> 67 #include <net/if_ether.h> 68 #include <net/if_arc.h> 69 70 #include <netinet/in.h> 71 #include <netinet6/in6_var.h> 72 #include <netinet/ip6.h> 73 #include <netinet6/ip6_var.h> 74 #include <netinet6/scope6_var.h> 75 #include <netinet6/nd6.h> 76 #include <netinet6/in6_ifattach.h> 77 #include <netinet/icmp6.h> 78 #include <netinet6/icmp6_private.h> 79 80 #ifdef COMPAT_90 81 #include <compat/netinet6/in6_var.h> 82 #include <compat/netinet6/nd6.h> 83 #endif 84 85 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 86 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 87 88 /* timer values */ 89 int nd6_prune = 1; /* walk list every 1 seconds */ 90 int nd6_useloopback = 1; /* use loopback interface for local traffic */ 91 92 /* preventing too many loops in ND option parsing */ 93 int nd6_maxndopt = 10; /* max # of ND options allowed */ 94 95 #ifdef ND6_DEBUG 96 int nd6_debug = 1; 97 #else 98 int nd6_debug = 0; 99 #endif 100 101 krwlock_t nd6_lock __cacheline_aligned; 102 103 int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL; 104 105 static void nd6_slowtimo(void *); 106 static void nd6_free(struct llentry *, int); 107 static bool nd6_nud_enabled(struct ifnet *); 108 static unsigned int nd6_llinfo_reachable(struct ifnet *); 109 static unsigned int nd6_llinfo_retrans(struct ifnet *); 110 static union l3addr *nd6_llinfo_holdsrc(struct llentry *, union l3addr *); 111 static void nd6_llinfo_output(struct ifnet *, const union l3addr *, 112 const union l3addr *, const uint8_t *, const union l3addr *); 113 static void nd6_llinfo_missed(struct ifnet *, const union l3addr *, 114 int16_t, struct mbuf *); 115 static void nd6_timer(void *); 116 static void nd6_timer_work(struct work *, void *); 117 static struct nd_opt_hdr *nd6_option(union nd_opts *); 118 119 static callout_t nd6_slowtimo_ch; 120 static callout_t nd6_timer_ch; 121 static struct workqueue *nd6_timer_wq; 122 static struct work nd6_timer_wk; 123 124 struct nd_domain nd6_nd_domain = { 125 .nd_family = AF_INET6, 126 .nd_delay = 5, /* delay first probe time 5 second */ 127 .nd_mmaxtries = 3, /* maximum unicast query */ 128 .nd_umaxtries = 3, /* maximum multicast query */ 129 .nd_retransmultiple = BACKOFF_MULTIPLE, 130 .nd_maxretrans = MAX_RETRANS_TIMER, 131 .nd_maxnudhint = 0, /* max # of subsequent upper layer hints */ 132 .nd_maxqueuelen = 1, /* max # of packets in unresolved ND entries */ 133 .nd_nud_enabled = nd6_nud_enabled, 134 .nd_reachable = nd6_llinfo_reachable, 135 .nd_retrans = nd6_llinfo_retrans, 136 .nd_holdsrc = nd6_llinfo_holdsrc, 137 .nd_output = nd6_llinfo_output, 138 .nd_missed = nd6_llinfo_missed, 139 .nd_free = nd6_free, 140 }; 141 142 MALLOC_DEFINE(M_IP6NDP, "NDP", "IPv6 Neighbour Discovery"); 143 144 void 145 nd6_init(void) 146 { 147 int error; 148 149 nd_attach_domain(&nd6_nd_domain); 150 nd6_nbr_init(); 151 152 rw_init(&nd6_lock); 153 154 callout_init(&nd6_slowtimo_ch, CALLOUT_MPSAFE); 155 callout_init(&nd6_timer_ch, CALLOUT_MPSAFE); 156 157 error = workqueue_create(&nd6_timer_wq, "nd6_timer", 158 nd6_timer_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); 159 if (error) 160 panic("%s: workqueue_create failed (%d)\n", __func__, error); 161 162 /* start timer */ 163 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 164 nd6_slowtimo, NULL); 165 callout_reset(&nd6_timer_ch, hz, nd6_timer, NULL); 166 } 167 168 struct nd_kifinfo * 169 nd6_ifattach(struct ifnet *ifp) 170 { 171 struct nd_kifinfo *nd; 172 173 nd = kmem_zalloc(sizeof(*nd), KM_SLEEP); 174 175 nd->chlim = IPV6_DEFHLIM; 176 nd->basereachable = REACHABLE_TIME; 177 nd->reachable = ND_COMPUTE_RTIME(nd->basereachable); 178 nd->retrans = RETRANS_TIMER; 179 180 nd->flags = ND6_IFF_PERFORMNUD; 181 182 /* A loopback interface always has ND6_IFF_AUTO_LINKLOCAL. 183 * A bridge interface should not have ND6_IFF_AUTO_LINKLOCAL 184 * because one of its members should. */ 185 if ((ip6_auto_linklocal && ifp->if_type != IFT_BRIDGE) || 186 (ifp->if_flags & IFF_LOOPBACK)) 187 nd->flags |= ND6_IFF_AUTO_LINKLOCAL; 188 189 return nd; 190 } 191 192 void 193 nd6_ifdetach(struct ifnet *ifp, struct in6_ifextra *ext) 194 { 195 196 /* Ensure all IPv6 addresses are purged before calling nd6_purge */ 197 if_purgeaddrs(ifp, AF_INET6, in6_purgeaddr); 198 nd6_purge(ifp, ext); 199 kmem_free(ext->nd_ifinfo, sizeof(struct nd_kifinfo)); 200 } 201 202 void 203 nd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts) 204 { 205 206 memset(ndopts, 0, sizeof(*ndopts)); 207 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 208 ndopts->nd_opts_last 209 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 210 211 if (icmp6len == 0) { 212 ndopts->nd_opts_done = 1; 213 ndopts->nd_opts_search = NULL; 214 } 215 } 216 217 /* 218 * Take one ND option. 219 */ 220 static struct nd_opt_hdr * 221 nd6_option(union nd_opts *ndopts) 222 { 223 struct nd_opt_hdr *nd_opt; 224 int olen; 225 226 KASSERT(ndopts != NULL); 227 KASSERT(ndopts->nd_opts_last != NULL); 228 229 if (ndopts->nd_opts_search == NULL) 230 return NULL; 231 if (ndopts->nd_opts_done) 232 return NULL; 233 234 nd_opt = ndopts->nd_opts_search; 235 236 /* make sure nd_opt_len is inside the buffer */ 237 if ((void *)&nd_opt->nd_opt_len >= (void *)ndopts->nd_opts_last) { 238 memset(ndopts, 0, sizeof(*ndopts)); 239 return NULL; 240 } 241 242 olen = nd_opt->nd_opt_len << 3; 243 if (olen == 0) { 244 /* 245 * Message validation requires that all included 246 * options have a length that is greater than zero. 247 */ 248 memset(ndopts, 0, sizeof(*ndopts)); 249 return NULL; 250 } 251 252 ndopts->nd_opts_search = (struct nd_opt_hdr *)((char *)nd_opt + olen); 253 if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 254 /* option overruns the end of buffer, invalid */ 255 memset(ndopts, 0, sizeof(*ndopts)); 256 return NULL; 257 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 258 /* reached the end of options chain */ 259 ndopts->nd_opts_done = 1; 260 ndopts->nd_opts_search = NULL; 261 } 262 return nd_opt; 263 } 264 265 /* 266 * Parse multiple ND options. 267 * This function is much easier to use, for ND routines that do not need 268 * multiple options of the same type. 269 */ 270 int 271 nd6_options(union nd_opts *ndopts) 272 { 273 struct nd_opt_hdr *nd_opt; 274 int i = 0; 275 276 KASSERT(ndopts != NULL); 277 KASSERT(ndopts->nd_opts_last != NULL); 278 279 if (ndopts->nd_opts_search == NULL) 280 return 0; 281 282 while (1) { 283 nd_opt = nd6_option(ndopts); 284 if (nd_opt == NULL && ndopts->nd_opts_last == NULL) { 285 /* 286 * Message validation requires that all included 287 * options have a length that is greater than zero. 288 */ 289 ICMP6_STATINC(ICMP6_STAT_ND_BADOPT); 290 memset(ndopts, 0, sizeof(*ndopts)); 291 return -1; 292 } 293 294 if (nd_opt == NULL) 295 goto skip1; 296 297 switch (nd_opt->nd_opt_type) { 298 case ND_OPT_SOURCE_LINKADDR: 299 case ND_OPT_TARGET_LINKADDR: 300 case ND_OPT_MTU: 301 case ND_OPT_REDIRECTED_HEADER: 302 case ND_OPT_NONCE: 303 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 304 nd6log(LOG_INFO, 305 "duplicated ND6 option found (type=%d)\n", 306 nd_opt->nd_opt_type); 307 /* XXX bark? */ 308 } else { 309 ndopts->nd_opt_array[nd_opt->nd_opt_type] 310 = nd_opt; 311 } 312 break; 313 case ND_OPT_PREFIX_INFORMATION: 314 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 315 ndopts->nd_opt_array[nd_opt->nd_opt_type] 316 = nd_opt; 317 } 318 ndopts->nd_opts_pi_end = 319 (struct nd_opt_prefix_info *)nd_opt; 320 break; 321 default: 322 /* 323 * Unknown options must be silently ignored, 324 * to accommodate future extension to the protocol. 325 */ 326 nd6log(LOG_DEBUG, 327 "nd6_options: unsupported option %d - " 328 "option ignored\n", nd_opt->nd_opt_type); 329 } 330 331 skip1: 332 i++; 333 if (i > nd6_maxndopt) { 334 ICMP6_STATINC(ICMP6_STAT_ND_TOOMANYOPT); 335 nd6log(LOG_INFO, "too many loop in nd opt\n"); 336 break; 337 } 338 339 if (ndopts->nd_opts_done) 340 break; 341 } 342 343 return 0; 344 } 345 346 /* 347 * Gets source address of the first packet in hold queue 348 * and stores it in @src. 349 * Returns pointer to @src (if hold queue is not empty) or NULL. 350 */ 351 static struct in6_addr * 352 nd6_llinfo_get_holdsrc(struct llentry *ln, struct in6_addr *src) 353 { 354 struct ip6_hdr *hip6; 355 356 if (ln == NULL || ln->ln_hold == NULL) 357 return NULL; 358 359 /* 360 * assuming every packet in ln_hold has the same IP header 361 */ 362 hip6 = mtod(ln->ln_hold, struct ip6_hdr *); 363 /* XXX pullup? */ 364 if (sizeof(*hip6) < ln->ln_hold->m_len) 365 *src = hip6->ip6_src; 366 else 367 src = NULL; 368 369 return src; 370 } 371 372 static union l3addr * 373 nd6_llinfo_holdsrc(struct llentry *ln, union l3addr *src) 374 { 375 376 if (nd6_llinfo_get_holdsrc(ln, &src->addr6) == NULL) 377 return NULL; 378 return src; 379 } 380 381 static void 382 nd6_llinfo_output(struct ifnet *ifp, const union l3addr *daddr, 383 const union l3addr *taddr, __unused const uint8_t *tlladdr, 384 const union l3addr *hsrc) 385 { 386 387 nd6_ns_output(ifp, 388 daddr != NULL ? &daddr->addr6 : NULL, 389 taddr != NULL ? &taddr->addr6 : NULL, 390 hsrc != NULL ? &hsrc->addr6 : NULL, NULL); 391 } 392 393 static bool 394 nd6_nud_enabled(struct ifnet *ifp) 395 { 396 struct nd_kifinfo *ndi = ND_IFINFO(ifp); 397 398 return ndi->flags & ND6_IFF_PERFORMNUD; 399 } 400 401 static unsigned int 402 nd6_llinfo_reachable(struct ifnet *ifp) 403 { 404 struct nd_kifinfo *ndi = ND_IFINFO(ifp); 405 406 return ndi->reachable; 407 } 408 409 static unsigned int 410 nd6_llinfo_retrans(struct ifnet *ifp) 411 { 412 struct nd_kifinfo *ndi = ND_IFINFO(ifp); 413 414 return ndi->retrans; 415 } 416 417 static void 418 nd6_llinfo_missed(struct ifnet *ifp, const union l3addr *taddr, 419 int16_t type, struct mbuf *m) 420 { 421 struct in6_addr mdaddr6 = zeroin6_addr; 422 struct sockaddr_in6 dsin6, tsin6; 423 struct sockaddr *sa; 424 425 if (m != NULL) { 426 if (type == ND_LLINFO_PROBE) { 427 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 428 429 /* XXX pullup? */ 430 if (sizeof(*ip6) < m->m_len) 431 mdaddr6 = ip6->ip6_src; 432 m_freem(m); 433 } else 434 icmp6_error2(m, ICMP6_DST_UNREACH, 435 ICMP6_DST_UNREACH_ADDR, 0, ifp, &mdaddr6); 436 } 437 if (!IN6_IS_ADDR_UNSPECIFIED(&mdaddr6)) { 438 sockaddr_in6_init(&dsin6, &mdaddr6, 0, 0, 0); 439 sa = sin6tosa(&dsin6); 440 } else 441 sa = NULL; 442 443 sockaddr_in6_init(&tsin6, &taddr->addr6, 0, 0, 0); 444 rt_clonedmsg(RTM_MISS, sa, sin6tosa(&tsin6), NULL, ifp); 445 } 446 447 /* 448 * ND6 timer routine to expire default route list and prefix list 449 */ 450 static void 451 nd6_timer_work(struct work *wk, void *arg) 452 { 453 struct in6_ifaddr *ia6, *nia6; 454 int s, bound; 455 struct psref psref; 456 457 callout_reset(&nd6_timer_ch, nd6_prune * hz, 458 nd6_timer, NULL); 459 460 SOFTNET_KERNEL_LOCK_UNLESS_NET_MPSAFE(); 461 462 /* expire interface addresses */ 463 bound = curlwp_bind(); 464 s = pserialize_read_enter(); 465 for (ia6 = IN6_ADDRLIST_READER_FIRST(); ia6; ia6 = nia6) { 466 nia6 = IN6_ADDRLIST_READER_NEXT(ia6); 467 468 ia6_acquire(ia6, &psref); 469 pserialize_read_exit(s); 470 471 /* check address lifetime */ 472 if (IFA6_IS_INVALID(ia6)) { 473 struct ifnet *ifp; 474 475 ifp = ia6->ia_ifa.ifa_ifp; 476 IFNET_LOCK(ifp); 477 /* 478 * Need to take the lock first to prevent if_detach 479 * from running in6_purgeaddr concurrently. 480 */ 481 if (!if_is_deactivated(ifp)) { 482 ia6_release(ia6, &psref); 483 in6_purgeaddr(&ia6->ia_ifa); 484 } else { 485 /* 486 * ifp is being destroyed, ia6 will be destroyed 487 * by if_detach. 488 */ 489 ia6_release(ia6, &psref); 490 } 491 ia6 = NULL; 492 IFNET_UNLOCK(ifp); 493 } else if (IFA6_IS_DEPRECATED(ia6)) { 494 int oldflags = ia6->ia6_flags; 495 496 if ((oldflags & IN6_IFF_DEPRECATED) == 0) { 497 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 498 rt_addrmsg(RTM_NEWADDR, (struct ifaddr *)ia6); 499 } 500 } else { 501 /* 502 * A new RA might have made a deprecated address 503 * preferred. 504 */ 505 if (ia6->ia6_flags & IN6_IFF_DEPRECATED) { 506 ia6->ia6_flags &= ~IN6_IFF_DEPRECATED; 507 rt_addrmsg(RTM_NEWADDR, (struct ifaddr *)ia6); 508 } 509 } 510 s = pserialize_read_enter(); 511 ia6_release(ia6, &psref); 512 } 513 pserialize_read_exit(s); 514 curlwp_bindx(bound); 515 516 SOFTNET_KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); 517 } 518 519 static void 520 nd6_timer(void *ignored_arg) 521 { 522 523 workqueue_enqueue(nd6_timer_wq, &nd6_timer_wk, NULL); 524 } 525 526 /* 527 * Nuke neighbor cache/prefix/default router management table, right before 528 * ifp goes away. 529 */ 530 void 531 nd6_purge(struct ifnet *ifp, struct in6_ifextra *ext) 532 { 533 534 /* 535 * During detach, the ND info might be already removed, but 536 * then is explitly passed as argument. 537 * Otherwise get it from ifp->if_afdata. 538 */ 539 if (ext == NULL) 540 ext = ifp->if_afdata[AF_INET6]; 541 if (ext == NULL) 542 return; 543 544 /* 545 * We may not need to nuke the neighbor cache entries here 546 * because the neighbor cache is kept in if_afdata[AF_INET6]. 547 * nd6_purge() is invoked by in6_ifdetach() which is called 548 * from if_detach() where everything gets purged. However 549 * in6_ifdetach is directly called from vlan(4), so we still 550 * need to purge entries here. 551 */ 552 if (ext->lltable != NULL) 553 lltable_purge_entries(ext->lltable); 554 } 555 556 struct llentry * 557 nd6_lookup(const struct in6_addr *addr6, const struct ifnet *ifp, bool wlock) 558 { 559 struct sockaddr_in6 sin6; 560 struct llentry *ln; 561 562 sockaddr_in6_init(&sin6, addr6, 0, 0, 0); 563 564 IF_AFDATA_RLOCK(ifp); 565 ln = lla_lookup(LLTABLE6(ifp), wlock ? LLE_EXCLUSIVE : 0, 566 sin6tosa(&sin6)); 567 IF_AFDATA_RUNLOCK(ifp); 568 569 return ln; 570 } 571 572 struct llentry * 573 nd6_create(const struct in6_addr *addr6, const struct ifnet *ifp) 574 { 575 struct sockaddr_in6 sin6; 576 struct llentry *ln; 577 struct rtentry *rt; 578 579 sockaddr_in6_init(&sin6, addr6, 0, 0, 0); 580 rt = rtalloc1(sin6tosa(&sin6), 0); 581 582 IF_AFDATA_WLOCK(ifp); 583 ln = lla_create(LLTABLE6(ifp), LLE_EXCLUSIVE, sin6tosa(&sin6), rt); 584 IF_AFDATA_WUNLOCK(ifp); 585 586 if (rt != NULL) 587 rt_unref(rt); 588 if (ln != NULL) 589 ln->ln_state = ND_LLINFO_NOSTATE; 590 591 return ln; 592 } 593 594 /* 595 * Test whether a given IPv6 address is a neighbor or not, ignoring 596 * the actual neighbor cache. The neighbor cache is ignored in order 597 * to not reenter the routing code from within itself. 598 */ 599 static int 600 nd6_is_new_addr_neighbor(const struct sockaddr_in6 *addr, struct ifnet *ifp) 601 { 602 struct ifaddr *dstaddr; 603 int s; 604 605 /* 606 * A link-local address is always a neighbor. 607 * XXX: a link does not necessarily specify a single interface. 608 */ 609 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr)) { 610 struct sockaddr_in6 sin6_copy; 611 u_int32_t zone; 612 613 /* 614 * We need sin6_copy since sa6_recoverscope() may modify the 615 * content (XXX). 616 */ 617 sin6_copy = *addr; 618 if (sa6_recoverscope(&sin6_copy)) 619 return 0; /* XXX: should be impossible */ 620 if (in6_setscope(&sin6_copy.sin6_addr, ifp, &zone)) 621 return 0; 622 if (sin6_copy.sin6_scope_id == zone) 623 return 1; 624 else 625 return 0; 626 } 627 628 /* 629 * If the address is assigned on the node of the other side of 630 * a p2p interface, the address should be a neighbor. 631 */ 632 s = pserialize_read_enter(); 633 dstaddr = ifa_ifwithdstaddr(sin6tocsa(addr)); 634 if (dstaddr != NULL) { 635 if (dstaddr->ifa_ifp == ifp) { 636 pserialize_read_exit(s); 637 return 1; 638 } 639 } 640 pserialize_read_exit(s); 641 642 return 0; 643 } 644 645 /* 646 * Detect if a given IPv6 address identifies a neighbor on a given link. 647 * XXX: should take care of the destination of a p2p link? 648 */ 649 int 650 nd6_is_addr_neighbor(const struct sockaddr_in6 *addr, struct ifnet *ifp) 651 { 652 struct llentry *ln; 653 struct rtentry *rt; 654 655 /* 656 * A link-local address is always a neighbor. 657 * XXX: a link does not necessarily specify a single interface. 658 */ 659 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr)) { 660 struct sockaddr_in6 sin6_copy; 661 u_int32_t zone; 662 663 /* 664 * We need sin6_copy since sa6_recoverscope() may modify the 665 * content (XXX). 666 */ 667 sin6_copy = *addr; 668 if (sa6_recoverscope(&sin6_copy)) 669 return 0; /* XXX: should be impossible */ 670 if (in6_setscope(&sin6_copy.sin6_addr, ifp, &zone)) 671 return 0; 672 if (sin6_copy.sin6_scope_id == zone) 673 return 1; 674 else 675 return 0; 676 } 677 678 if (nd6_is_new_addr_neighbor(addr, ifp)) 679 return 1; 680 681 /* 682 * Even if the address matches none of our addresses, it might be 683 * in the neighbor cache or a connected route. 684 */ 685 ln = nd6_lookup(&addr->sin6_addr, ifp, false); 686 if (ln != NULL) { 687 LLE_RUNLOCK(ln); 688 return 1; 689 } 690 691 rt = rtalloc1(sin6tocsa(addr), 0); 692 if (rt == NULL) 693 return 0; 694 695 if ((rt->rt_flags & RTF_CONNECTED) && (rt->rt_ifp == ifp 696 #if NBRIDGE > 0 697 || rt->rt_ifp->if_bridge == ifp->if_bridge 698 #endif 699 #if NCARP > 0 700 || (ifp->if_type == IFT_CARP && rt->rt_ifp == ifp->if_carpdev) || 701 (rt->rt_ifp->if_type == IFT_CARP && rt->rt_ifp->if_carpdev == ifp)|| 702 (ifp->if_type == IFT_CARP && rt->rt_ifp->if_type == IFT_CARP && 703 rt->rt_ifp->if_carpdev == ifp->if_carpdev) 704 #endif 705 )) { 706 rt_unref(rt); 707 return 1; 708 } 709 rt_unref(rt); 710 711 return 0; 712 } 713 714 /* 715 * Free an nd6 llinfo entry. 716 * Since the function would cause significant changes in the kernel, DO NOT 717 * make it global, unless you have a strong reason for the change, and are sure 718 * that the change is safe. 719 */ 720 static void 721 nd6_free(struct llentry *ln, int gc) 722 { 723 struct ifnet *ifp; 724 725 KASSERT(ln != NULL); 726 LLE_WLOCK_ASSERT(ln); 727 728 /* 729 * If the reason for the deletion is just garbage collection, 730 * and the neighbor is an active router, do not delete it. 731 * Instead, reset the GC timer using the router's lifetime. 732 * XXX: the check for ln_state should be redundant, 733 * but we intentionally keep it just in case. 734 */ 735 if (!ip6_forwarding && ln->ln_router && 736 ln->ln_state == ND_LLINFO_STALE && gc) 737 { 738 nd_set_timer(ln, ND_TIMER_EXPIRE); 739 LLE_WUNLOCK(ln); 740 return; 741 } 742 743 ifp = ln->lle_tbl->llt_ifp; 744 745 if (ln->la_flags & LLE_VALID || gc) { 746 struct sockaddr_in6 sin6; 747 const char *lladdr; 748 749 sockaddr_in6_init(&sin6, &ln->r_l3addr.addr6, 0, 0, 0); 750 lladdr = ln->la_flags & LLE_VALID ? 751 (const char *)&ln->ll_addr : NULL; 752 rt_clonedmsg(RTM_DELETE, NULL, sin6tosa(&sin6), lladdr, ifp); 753 } 754 755 /* 756 * Save to unlock. We still hold an extra reference and will not 757 * free(9) in llentry_free() if someone else holds one as well. 758 */ 759 LLE_WUNLOCK(ln); 760 IF_AFDATA_LOCK(ifp); 761 LLE_WLOCK(ln); 762 763 lltable_free_entry(LLTABLE6(ifp), ln); 764 765 IF_AFDATA_UNLOCK(ifp); 766 } 767 768 /* 769 * Upper-layer reachability hint for Neighbor Unreachability Detection. 770 * 771 * XXX cost-effective methods? 772 */ 773 void 774 nd6_nud_hint(struct rtentry *rt) 775 { 776 struct llentry *ln; 777 struct ifnet *ifp; 778 779 if (rt == NULL) 780 return; 781 782 ifp = rt->rt_ifp; 783 ln = nd6_lookup(&(satocsin6(rt_getkey(rt)))->sin6_addr, ifp, true); 784 nd_nud_hint(ln); 785 } 786 787 struct gc_args { 788 int gc_entries; 789 const struct in6_addr *skip_in6; 790 }; 791 792 static int 793 nd6_purge_entry(struct lltable *llt, struct llentry *ln, void *farg) 794 { 795 struct gc_args *args = farg; 796 int *n = &args->gc_entries; 797 const struct in6_addr *skip_in6 = args->skip_in6; 798 799 if (*n <= 0) 800 return 0; 801 802 if (ND_IS_LLINFO_PERMANENT(ln)) 803 return 0; 804 805 if (IN6_ARE_ADDR_EQUAL(&ln->r_l3addr.addr6, skip_in6)) 806 return 0; 807 808 LLE_WLOCK(ln); 809 if (ln->ln_state > ND_LLINFO_INCOMPLETE) 810 ln->ln_state = ND_LLINFO_STALE; 811 else 812 ln->ln_state = ND_LLINFO_PURGE; 813 nd_set_timer(ln, ND_TIMER_IMMEDIATE); 814 LLE_WUNLOCK(ln); 815 816 (*n)--; 817 return 0; 818 } 819 820 static void 821 nd6_gc_neighbors(struct lltable *llt, const struct in6_addr *in6) 822 { 823 824 if (ip6_neighborgcthresh >= 0 && 825 lltable_get_entry_count(llt) >= ip6_neighborgcthresh) { 826 struct gc_args gc_args = {10, in6}; 827 /* 828 * XXX entries that are "less recently used" should be 829 * freed first. 830 */ 831 lltable_foreach_lle(llt, nd6_purge_entry, &gc_args); 832 } 833 } 834 835 void 836 nd6_rtrequest(int req, struct rtentry *rt, const struct rt_addrinfo *info) 837 { 838 struct sockaddr *gate = rt->rt_gateway; 839 struct ifnet *ifp = rt->rt_ifp; 840 uint8_t namelen = strlen(ifp->if_xname), addrlen = ifp->if_addrlen; 841 struct ifaddr *ifa; 842 843 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 844 845 if (req == RTM_LLINFO_UPD) { 846 int rc; 847 struct in6_addr *in6; 848 struct in6_addr in6_all; 849 int anycast; 850 851 if ((ifa = info->rti_ifa) == NULL) 852 return; 853 854 in6 = &ifatoia6(ifa)->ia_addr.sin6_addr; 855 anycast = ifatoia6(ifa)->ia6_flags & IN6_IFF_ANYCAST; 856 857 in6_all = in6addr_linklocal_allnodes; 858 if ((rc = in6_setscope(&in6_all, ifa->ifa_ifp, NULL)) != 0) { 859 log(LOG_ERR, "%s: failed to set scope %s " 860 "(errno=%d)\n", __func__, if_name(ifp), rc); 861 return; 862 } 863 864 /* XXX don't set Override for proxy addresses */ 865 nd6_na_output(ifa->ifa_ifp, &in6_all, in6, 866 (anycast ? 0 : ND_NA_FLAG_OVERRIDE) 867 #if 0 868 | (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0) 869 #endif 870 , 1, NULL); 871 return; 872 } 873 874 if ((rt->rt_flags & RTF_GATEWAY) != 0) { 875 if (req != RTM_ADD) 876 return; 877 /* 878 * linklayers with particular MTU limitation. 879 */ 880 switch(ifp->if_type) { 881 #if NARCNET > 0 882 case IFT_ARCNET: 883 if (rt->rt_rmx.rmx_mtu > ARC_PHDS_MAXMTU) /* RFC2497 */ 884 rt->rt_rmx.rmx_mtu = ARC_PHDS_MAXMTU; 885 break; 886 #endif 887 } 888 return; 889 } 890 891 if (nd6_need_cache(ifp) == 0 && (rt->rt_flags & RTF_HOST) == 0) { 892 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 893 /* 894 * This is probably an interface direct route for a link 895 * which does not need neighbor caches (e.g. fe80::%lo0/64). 896 * We do not need special treatment below for such a route. 897 * Moreover, the RTF_LLINFO flag which would be set below 898 * would annoy the ndp(8) command. 899 */ 900 return; 901 } 902 903 switch (req) { 904 case RTM_ADD: { 905 struct psref psref; 906 907 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 908 /* 909 * There is no backward compatibility :) 910 * 911 * if ((rt->rt_flags & RTF_HOST) == 0 && 912 * SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff) 913 * rt->rt_flags |= RTF_CLONING; 914 */ 915 /* XXX should move to route.c? */ 916 if (rt->rt_flags & (RTF_CONNECTED | RTF_LOCAL)) { 917 union { 918 struct sockaddr sa; 919 struct sockaddr_dl sdl; 920 struct sockaddr_storage ss; 921 } u; 922 /* 923 * Case 1: This route should come from a route to 924 * interface (RTF_CLONING case) or the route should be 925 * treated as on-link but is currently not 926 * (RTF_LLINFO && ln == NULL case). 927 */ 928 if (sockaddr_dl_init(&u.sdl, sizeof(u.ss), 929 ifp->if_index, ifp->if_type, 930 NULL, namelen, NULL, addrlen) == NULL) { 931 printf("%s.%d: sockaddr_dl_init(, %zu, ) " 932 "failed on %s\n", __func__, __LINE__, 933 sizeof(u.ss), if_name(ifp)); 934 } 935 rt_setgate(rt, &u.sa); 936 gate = rt->rt_gateway; 937 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 938 if (gate == NULL) { 939 log(LOG_ERR, 940 "%s: rt_setgate failed on %s\n", __func__, 941 if_name(ifp)); 942 break; 943 } 944 945 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 946 if ((rt->rt_flags & RTF_CONNECTED) != 0) 947 break; 948 } 949 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 950 /* 951 * In IPv4 code, we try to annonuce new RTF_ANNOUNCE entry here. 952 * We don't do that here since llinfo is not ready yet. 953 * 954 * There are also couple of other things to be discussed: 955 * - unsolicited NA code needs improvement beforehand 956 * - RFC2461 says we MAY send multicast unsolicited NA 957 * (7.2.6 paragraph 4), however, it also says that we 958 * SHOULD provide a mechanism to prevent multicast NA storm. 959 * we don't have anything like it right now. 960 * note that the mechanism needs a mutual agreement 961 * between proxies, which means that we need to implement 962 * a new protocol, or a new kludge. 963 * - from RFC2461 6.2.4, host MUST NOT send an unsolicited NA. 964 * we need to check ip6forwarding before sending it. 965 * (or should we allow proxy ND configuration only for 966 * routers? there's no mention about proxy ND from hosts) 967 */ 968 #if 0 969 /* XXX it does not work */ 970 if (rt->rt_flags & RTF_ANNOUNCE) 971 nd6_na_output(ifp, 972 &satocsin6(rt_getkey(rt))->sin6_addr, 973 &satocsin6(rt_getkey(rt))->sin6_addr, 974 ip6_forwarding ? ND_NA_FLAG_ROUTER : 0, 975 1, NULL); 976 #endif 977 978 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) == 0) { 979 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 980 /* 981 * Address resolution isn't necessary for a point to 982 * point link, so we can skip this test for a p2p link. 983 */ 984 if (gate->sa_family != AF_LINK || 985 gate->sa_len < 986 sockaddr_dl_measure(namelen, addrlen)) { 987 log(LOG_DEBUG, 988 "nd6_rtrequest: bad gateway value: %s\n", 989 if_name(ifp)); 990 break; 991 } 992 satosdl(gate)->sdl_type = ifp->if_type; 993 satosdl(gate)->sdl_index = ifp->if_index; 994 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 995 } 996 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 997 998 /* 999 * When called from rt_ifa_addlocal, we cannot depend on that 1000 * the address (rt_getkey(rt)) exits in the address list of the 1001 * interface. So check RTF_LOCAL instead. 1002 */ 1003 if (rt->rt_flags & RTF_LOCAL) { 1004 if (nd6_useloopback) 1005 rt->rt_ifp = lo0ifp; /* XXX */ 1006 break; 1007 } 1008 1009 /* 1010 * check if rt_getkey(rt) is an address assigned 1011 * to the interface. 1012 */ 1013 ifa = (struct ifaddr *)in6ifa_ifpwithaddr_psref(ifp, 1014 &satocsin6(rt_getkey(rt))->sin6_addr, &psref); 1015 if (ifa != NULL) { 1016 if (nd6_useloopback) { 1017 rt->rt_ifp = lo0ifp; /* XXX */ 1018 /* 1019 * Make sure rt_ifa be equal to the ifaddr 1020 * corresponding to the address. 1021 * We need this because when we refer 1022 * rt_ifa->ia6_flags in ip6_input, we assume 1023 * that the rt_ifa points to the address instead 1024 * of the loopback address. 1025 */ 1026 if (!ISSET(info->rti_flags, RTF_DONTCHANGEIFA) 1027 && ifa != rt->rt_ifa) 1028 rt_replace_ifa(rt, ifa); 1029 } 1030 } else if (rt->rt_flags & RTF_ANNOUNCE) { 1031 /* join solicited node multicast for proxy ND */ 1032 if (ifp->if_flags & IFF_MULTICAST) { 1033 struct in6_addr llsol; 1034 int error; 1035 1036 llsol = satocsin6(rt_getkey(rt))->sin6_addr; 1037 llsol.s6_addr32[0] = htonl(0xff020000); 1038 llsol.s6_addr32[1] = 0; 1039 llsol.s6_addr32[2] = htonl(1); 1040 llsol.s6_addr8[12] = 0xff; 1041 if (in6_setscope(&llsol, ifp, NULL)) 1042 goto out; 1043 if (!in6_addmulti(&llsol, ifp, &error, 0)) { 1044 char ip6buf[INET6_ADDRSTRLEN]; 1045 nd6log(LOG_ERR, "%s: failed to join " 1046 "%s (errno=%d)\n", if_name(ifp), 1047 IN6_PRINT(ip6buf, &llsol), error); 1048 } 1049 } 1050 } 1051 out: 1052 ifa_release(ifa, &psref); 1053 /* 1054 * If we have too many cache entries, initiate immediate 1055 * purging for some entries. 1056 */ 1057 if (rt->rt_ifp != NULL) 1058 nd6_gc_neighbors(LLTABLE6(rt->rt_ifp), NULL); 1059 break; 1060 } 1061 1062 case RTM_DELETE: 1063 /* leave from solicited node multicast for proxy ND */ 1064 if ((rt->rt_flags & RTF_ANNOUNCE) != 0 && 1065 (ifp->if_flags & IFF_MULTICAST) != 0) { 1066 struct in6_addr llsol; 1067 1068 llsol = satocsin6(rt_getkey(rt))->sin6_addr; 1069 llsol.s6_addr32[0] = htonl(0xff020000); 1070 llsol.s6_addr32[1] = 0; 1071 llsol.s6_addr32[2] = htonl(1); 1072 llsol.s6_addr8[12] = 0xff; 1073 if (in6_setscope(&llsol, ifp, NULL) == 0) 1074 in6_lookup_and_delete_multi(&llsol, ifp); 1075 } 1076 break; 1077 } 1078 } 1079 1080 static void 1081 nd6_setifflags(struct ifnet *ifp, uint32_t flags) 1082 { 1083 struct nd_kifinfo *ndi = ND_IFINFO(ifp); 1084 struct ifaddr *ifa; 1085 struct in6_ifaddr *ia; 1086 int s; 1087 1088 if (ndi->flags & ND6_IFF_IFDISABLED && !(flags & ND6_IFF_IFDISABLED)) { 1089 /* 1090 * If the interface is marked as ND6_IFF_IFDISABLED and 1091 * has a link-local address with IN6_IFF_DUPLICATED, 1092 * do not clear ND6_IFF_IFDISABLED. 1093 * See RFC 4862, section 5.4.5. 1094 */ 1095 bool duplicated_linklocal = false; 1096 1097 s = pserialize_read_enter(); 1098 IFADDR_READER_FOREACH(ifa, ifp) { 1099 if (ifa->ifa_addr->sa_family != AF_INET6) 1100 continue; 1101 ia = (struct in6_ifaddr *)ifa; 1102 if ((ia->ia6_flags & IN6_IFF_DUPLICATED) && 1103 IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia))) 1104 { 1105 duplicated_linklocal = true; 1106 break; 1107 } 1108 } 1109 pserialize_read_exit(s); 1110 1111 if (duplicated_linklocal) { 1112 flags |= ND6_IFF_IFDISABLED; 1113 log(LOG_ERR, "%s: Cannot enable an interface" 1114 " with a link-local address marked" 1115 " duplicate.\n", if_name(ifp)); 1116 } else { 1117 ndi->flags &= ~ND6_IFF_IFDISABLED; 1118 if (ifp->if_flags & IFF_UP) 1119 in6_if_up(ifp); 1120 } 1121 } else if (!(ndi->flags & ND6_IFF_IFDISABLED) && 1122 (flags & ND6_IFF_IFDISABLED)) 1123 { 1124 struct psref psref; 1125 int bound = curlwp_bind(); 1126 1127 /* Mark all IPv6 addresses as tentative. */ 1128 1129 ndi->flags |= ND6_IFF_IFDISABLED; 1130 s = pserialize_read_enter(); 1131 IFADDR_READER_FOREACH(ifa, ifp) { 1132 if (ifa->ifa_addr->sa_family != AF_INET6) 1133 continue; 1134 ifa_acquire(ifa, &psref); 1135 pserialize_read_exit(s); 1136 1137 nd6_dad_stop(ifa); 1138 1139 ia = (struct in6_ifaddr *)ifa; 1140 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1141 1142 s = pserialize_read_enter(); 1143 ifa_release(ifa, &psref); 1144 } 1145 pserialize_read_exit(s); 1146 curlwp_bindx(bound); 1147 } 1148 1149 if (flags & ND6_IFF_AUTO_LINKLOCAL) { 1150 if (!(ndi->flags & ND6_IFF_AUTO_LINKLOCAL)) { 1151 /* auto_linklocal 0->1 transition */ 1152 1153 ndi->flags |= ND6_IFF_AUTO_LINKLOCAL; 1154 in6_ifattach(ifp, NULL); 1155 } else if (!(flags & ND6_IFF_IFDISABLED) && 1156 ifp->if_flags & IFF_UP) 1157 { 1158 /* 1159 * When the IF already has 1160 * ND6_IFF_AUTO_LINKLOCAL, no link-local 1161 * address is assigned, and IFF_UP, try to 1162 * assign one. 1163 */ 1164 bool haslinklocal = 0; 1165 1166 s = pserialize_read_enter(); 1167 IFADDR_READER_FOREACH(ifa, ifp) { 1168 if (ifa->ifa_addr->sa_family !=AF_INET6) 1169 continue; 1170 ia = (struct in6_ifaddr *)ifa; 1171 if (IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia))){ 1172 haslinklocal = true; 1173 break; 1174 } 1175 } 1176 pserialize_read_exit(s); 1177 if (!haslinklocal) 1178 in6_ifattach(ifp, NULL); 1179 } 1180 } 1181 1182 ndi->flags = flags; 1183 } 1184 1185 int 1186 nd6_ioctl(u_long cmd, void *data, struct ifnet *ifp) 1187 { 1188 #ifdef OSIOCGIFINFO_IN6_90 1189 struct in6_ndireq90 *ondi = (struct in6_ndireq90 *)data; 1190 struct in6_ndifreq90 *ndif = (struct in6_ndifreq90 *)data; 1191 #define OND ondi->ndi 1192 #endif 1193 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1194 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1195 struct nd_kifinfo *ifndi = ND_IFINFO(ifp); 1196 int error = 0; 1197 #define ND ndi->ndi 1198 1199 switch (cmd) { 1200 #ifdef OSIOCSRTRFLUSH_IN6 1201 case OSIOCGDRLST_IN6: /* FALLTHROUGH */ 1202 case OSIOCGPRLST_IN6: /* FALLTHROUGH */ 1203 case OSIOCSNDFLUSH_IN6: /* FALLTHROUGH */ 1204 case OSIOCSPFXFLUSH_IN6: /* FALLTHROUGH */ 1205 case OSIOCSRTRFLUSH_IN6: /* FALLTHROUGH */ 1206 break; 1207 case OSIOCGDEFIFACE_IN6: 1208 ndif->ifindex = 0; 1209 break; 1210 case OSIOCSDEFIFACE_IN6: 1211 error = ENOTSUP; 1212 break; 1213 #endif 1214 #ifdef OSIOCGIFINFO_IN6 1215 case OSIOCGIFINFO_IN6: /* FALLTHROUGH */ 1216 #endif 1217 #ifdef OSIOCGIFINFO_IN6_90 1218 case OSIOCGIFINFO_IN6_90: 1219 memset(&OND, 0, sizeof(OND)); 1220 OND.initialized = 1; 1221 OND.chlim = ifndi->chlim; 1222 OND.basereachable = ifndi->basereachable; 1223 OND.retrans = ifndi->retrans; 1224 OND.flags = ifndi->flags; 1225 break; 1226 case OSIOCSIFINFO_IN6_90: 1227 /* Allow userland to set Neighour Unreachability Detection 1228 * timers. */ 1229 if (OND.chlim != 0) 1230 ifndi->chlim = OND.chlim; 1231 if (OND.basereachable != 0 && 1232 OND.basereachable != ifndi->basereachable) 1233 { 1234 ifndi->basereachable = OND.basereachable; 1235 ifndi->reachable = ND_COMPUTE_RTIME(OND.basereachable); 1236 } 1237 if (OND.retrans != 0) 1238 ifndi->retrans = OND.retrans; 1239 /* Retain the old behaviour .... */ 1240 /* FALLTHROUGH */ 1241 case OSIOCSIFINFO_FLAGS_90: 1242 nd6_setifflags(ifp, OND.flags); 1243 break; 1244 #undef OND 1245 #endif 1246 case SIOCGIFINFO_IN6: 1247 ND.chlim = ifndi->chlim; 1248 ND.basereachable = ifndi->basereachable; 1249 ND.retrans = ifndi->retrans; 1250 ND.flags = ifndi->flags; 1251 break; 1252 case SIOCSIFINFO_IN6: 1253 /* Allow userland to set Neighour Unreachability Detection 1254 * timers. */ 1255 if (ND.chlim != 0) 1256 ifndi->chlim = ND.chlim; 1257 if (ND.basereachable != 0 && 1258 ND.basereachable != ifndi->basereachable) 1259 { 1260 ifndi->basereachable = ND.basereachable; 1261 ifndi->reachable = ND_COMPUTE_RTIME(ND.basereachable); 1262 } 1263 if (ND.retrans != 0) 1264 ifndi->retrans = ND.retrans; 1265 break; 1266 case SIOCSIFINFO_FLAGS: 1267 nd6_setifflags(ifp, ND.flags); 1268 break; 1269 #undef ND 1270 case SIOCGNBRINFO_IN6: 1271 { 1272 struct llentry *ln; 1273 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1274 1275 if ((error = in6_setscope(&nb_addr, ifp, NULL)) != 0) 1276 return error; 1277 1278 ln = nd6_lookup(&nb_addr, ifp, false); 1279 if (ln == NULL) { 1280 error = EINVAL; 1281 break; 1282 } 1283 nbi->state = ln->ln_state; 1284 nbi->asked = ln->ln_asked; 1285 nbi->isrouter = ln->ln_router; 1286 nbi->expire = ln->ln_expire ? 1287 time_mono_to_wall(ln->ln_expire) : 0; 1288 LLE_RUNLOCK(ln); 1289 1290 break; 1291 } 1292 } 1293 return error; 1294 } 1295 1296 void 1297 nd6_llinfo_release_pkts(struct llentry *ln, struct ifnet *ifp) 1298 { 1299 struct mbuf *m_hold, *m_hold_next; 1300 struct sockaddr_in6 sin6; 1301 1302 LLE_WLOCK_ASSERT(ln); 1303 1304 sockaddr_in6_init(&sin6, &ln->r_l3addr.addr6, 0, 0, 0); 1305 1306 m_hold = ln->la_hold, ln->la_hold = NULL, ln->la_numheld = 0; 1307 1308 LLE_ADDREF(ln); 1309 LLE_WUNLOCK(ln); 1310 for (; m_hold != NULL; m_hold = m_hold_next) { 1311 m_hold_next = m_hold->m_nextpkt; 1312 m_hold->m_nextpkt = NULL; 1313 1314 /* 1315 * we assume ifp is not a p2p here, so 1316 * just set the 2nd argument as the 1317 * 1st one. 1318 */ 1319 ip6_if_output(ifp, ifp, m_hold, &sin6, NULL); 1320 } 1321 LLE_WLOCK(ln); 1322 LLE_REMREF(ln); 1323 } 1324 1325 /* 1326 * Create neighbor cache entry and cache link-layer address, 1327 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1328 */ 1329 void 1330 nd6_cache_lladdr( 1331 struct ifnet *ifp, 1332 struct in6_addr *from, 1333 char *lladdr, 1334 int lladdrlen, 1335 int type, /* ICMP6 type */ 1336 int code /* type dependent information */ 1337 ) 1338 { 1339 struct llentry *ln = NULL; 1340 int is_newentry; 1341 int do_update; 1342 int olladdr; 1343 int llchange; 1344 int newstate = 0; 1345 1346 KASSERT(ifp != NULL); 1347 KASSERT(from != NULL); 1348 1349 /* nothing must be updated for unspecified address */ 1350 if (IN6_IS_ADDR_UNSPECIFIED(from)) 1351 return; 1352 1353 /* 1354 * Validation about ifp->if_addrlen and lladdrlen must be done in 1355 * the caller. 1356 * 1357 * XXX If the link does not have link-layer adderss, what should 1358 * we do? (ifp->if_addrlen == 0) 1359 * Spec says nothing in sections for RA, RS and NA. There's small 1360 * description on it in NS section (RFC 2461 7.2.3). 1361 */ 1362 1363 ln = nd6_lookup(from, ifp, true); 1364 if (ln == NULL) { 1365 #if 0 1366 /* nothing must be done if there's no lladdr */ 1367 if (!lladdr || !lladdrlen) 1368 return NULL; 1369 #endif 1370 1371 ln = nd6_create(from, ifp); 1372 is_newentry = 1; 1373 } else { 1374 /* do nothing if static ndp is set */ 1375 if (ln->la_flags & LLE_STATIC) { 1376 LLE_WUNLOCK(ln); 1377 return; 1378 } 1379 is_newentry = 0; 1380 } 1381 1382 if (ln == NULL) 1383 return; 1384 1385 olladdr = (ln->la_flags & LLE_VALID) ? 1 : 0; 1386 if (olladdr && lladdr) { 1387 llchange = memcmp(lladdr, &ln->ll_addr, ifp->if_addrlen); 1388 } else 1389 llchange = 0; 1390 1391 /* 1392 * newentry olladdr lladdr llchange (*=record) 1393 * 0 n n -- (1) 1394 * 0 y n -- (2) 1395 * 0 n y -- (3) * STALE 1396 * 0 y y n (4) * 1397 * 0 y y y (5) * STALE 1398 * 1 -- n -- (6) NOSTATE(= PASSIVE) 1399 * 1 -- y -- (7) * STALE 1400 */ 1401 1402 if (lladdr) { /* (3-5) and (7) */ 1403 /* 1404 * Record source link-layer address 1405 * XXX is it dependent to ifp->if_type? 1406 */ 1407 memcpy(&ln->ll_addr, lladdr, ifp->if_addrlen); 1408 ln->la_flags |= LLE_VALID; 1409 } 1410 1411 if (!is_newentry) { 1412 if ((!olladdr && lladdr) || /* (3) */ 1413 (olladdr && lladdr && llchange)) { /* (5) */ 1414 do_update = 1; 1415 newstate = ND_LLINFO_STALE; 1416 } else /* (1-2,4) */ 1417 do_update = 0; 1418 } else { 1419 do_update = 1; 1420 if (lladdr == NULL) /* (6) */ 1421 newstate = ND_LLINFO_NOSTATE; 1422 else /* (7) */ 1423 newstate = ND_LLINFO_STALE; 1424 } 1425 1426 if (do_update) { 1427 /* 1428 * Update the state of the neighbor cache. 1429 */ 1430 ln->ln_state = newstate; 1431 1432 if (ln->ln_state == ND_LLINFO_STALE) { 1433 /* 1434 * XXX: since nd6_output() below will cause 1435 * state tansition to DELAY and reset the timer, 1436 * we must set the timer now, although it is actually 1437 * meaningless. 1438 */ 1439 nd_set_timer(ln, ND_TIMER_GC); 1440 1441 nd6_llinfo_release_pkts(ln, ifp); 1442 } else if (ln->ln_state == ND_LLINFO_INCOMPLETE) { 1443 /* probe right away */ 1444 nd_set_timer(ln, ND_TIMER_IMMEDIATE); 1445 } 1446 } 1447 1448 /* 1449 * ICMP6 type dependent behavior. 1450 * 1451 * NS: clear IsRouter if new entry 1452 * RS: clear IsRouter 1453 * RA: set IsRouter if there's lladdr 1454 * redir: clear IsRouter if new entry 1455 * 1456 * RA case, (1): 1457 * The spec says that we must set IsRouter in the following cases: 1458 * - If lladdr exist, set IsRouter. This means (1-5). 1459 * - If it is old entry (!newentry), set IsRouter. This means (7). 1460 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1461 * A question arises for (1) case. (1) case has no lladdr in the 1462 * neighbor cache, this is similar to (6). 1463 * This case is rare but we figured that we MUST NOT set IsRouter. 1464 * 1465 * newentry olladdr lladdr llchange NS RS RA redir 1466 * D R 1467 * 0 n n -- (1) c ? s 1468 * 0 y n -- (2) c s s 1469 * 0 n y -- (3) c s s 1470 * 0 y y n (4) c s s 1471 * 0 y y y (5) c s s 1472 * 1 -- n -- (6) c c c s 1473 * 1 -- y -- (7) c c s c s 1474 * 1475 * (c=clear s=set) 1476 */ 1477 switch (type & 0xff) { 1478 case ND_NEIGHBOR_SOLICIT: 1479 /* 1480 * New entry must have is_router flag cleared. 1481 */ 1482 if (is_newentry) /* (6-7) */ 1483 ln->ln_router = 0; 1484 break; 1485 case ND_REDIRECT: 1486 /* 1487 * If the icmp is a redirect to a better router, always set the 1488 * is_router flag. Otherwise, if the entry is newly created, 1489 * clear the flag. [RFC 2461, sec 8.3] 1490 */ 1491 if (code == ND_REDIRECT_ROUTER) 1492 ln->ln_router = 1; 1493 else if (is_newentry) /* (6-7) */ 1494 ln->ln_router = 0; 1495 break; 1496 case ND_ROUTER_SOLICIT: 1497 /* 1498 * is_router flag must always be cleared. 1499 */ 1500 ln->ln_router = 0; 1501 break; 1502 case ND_ROUTER_ADVERT: 1503 /* 1504 * Mark an entry with lladdr as a router. 1505 */ 1506 if ((!is_newentry && (olladdr || lladdr)) || /* (2-5) */ 1507 (is_newentry && lladdr)) { /* (7) */ 1508 ln->ln_router = 1; 1509 } 1510 break; 1511 } 1512 1513 if (do_update && lladdr != NULL) { 1514 struct sockaddr_in6 sin6; 1515 1516 sockaddr_in6_init(&sin6, from, 0, 0, 0); 1517 rt_clonedmsg(is_newentry ? RTM_ADD : RTM_CHANGE, 1518 NULL, sin6tosa(&sin6), lladdr, ifp); 1519 } 1520 1521 if (ln != NULL) 1522 LLE_WUNLOCK(ln); 1523 1524 /* 1525 * If we have too many cache entries, initiate immediate 1526 * purging for some entries. 1527 */ 1528 if (is_newentry) 1529 nd6_gc_neighbors(LLTABLE6(ifp), &ln->r_l3addr.addr6); 1530 } 1531 1532 static void 1533 nd6_slowtimo(void *ignored_arg) 1534 { 1535 struct nd_kifinfo *ndi; 1536 struct ifnet *ifp; 1537 struct psref psref; 1538 int s; 1539 1540 SOFTNET_KERNEL_LOCK_UNLESS_NET_MPSAFE(); 1541 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 1542 nd6_slowtimo, NULL); 1543 1544 s = pserialize_read_enter(); 1545 IFNET_READER_FOREACH(ifp) { 1546 ndi = ND_IFINFO(ifp); 1547 if (ndi->basereachable && /* already initialized */ 1548 (ndi->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 1549 if_acquire(ifp, &psref); 1550 pserialize_read_exit(s); 1551 /* 1552 * Since reachable time rarely changes by router 1553 * advertisements, we SHOULD insure that a new random 1554 * value gets recomputed at least once every few hours. 1555 * (RFC 2461, 6.3.4) 1556 */ 1557 ndi->recalctm = nd6_recalc_reachtm_interval; 1558 ndi->reachable = ND_COMPUTE_RTIME(ndi->basereachable); 1559 s = pserialize_read_enter(); 1560 if_release(ifp, &psref); 1561 } 1562 } 1563 pserialize_read_exit(s); 1564 1565 SOFTNET_KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); 1566 } 1567 1568 /* 1569 * Return 0 if a neighbor cache is found. Return EWOULDBLOCK if a cache is not 1570 * found and trying to resolve a neighbor; in this case the mbuf is queued in 1571 * the list. Otherwise return errno after freeing the mbuf. 1572 */ 1573 int 1574 nd6_resolve(struct ifnet *ifp, const struct rtentry *rt, struct mbuf *m, 1575 const struct sockaddr *_dst, uint8_t *lldst, size_t dstsize) 1576 { 1577 struct llentry *ln = NULL; 1578 bool created = false; 1579 const struct sockaddr_in6 *dst = satocsin6(_dst); 1580 int error; 1581 struct nd_kifinfo *ndi = ND_IFINFO(ifp); 1582 1583 /* discard the packet if IPv6 operation is disabled on the interface */ 1584 if (ndi->flags & ND6_IFF_IFDISABLED) { 1585 m_freem(m); 1586 return ENETDOWN; /* better error? */ 1587 } 1588 1589 /* 1590 * Address resolution or Neighbor Unreachability Detection 1591 * for the next hop. 1592 * At this point, the destination of the packet must be a unicast 1593 * or an anycast address(i.e. not a multicast). 1594 */ 1595 1596 /* Look up the neighbor cache for the nexthop */ 1597 ln = nd6_lookup(&dst->sin6_addr, ifp, false); 1598 1599 if (ln != NULL && (ln->la_flags & LLE_VALID) != 0 && 1600 ln->ln_state == ND_LLINFO_REACHABLE) { 1601 /* Fast path */ 1602 memcpy(lldst, &ln->ll_addr, MIN(dstsize, ifp->if_addrlen)); 1603 LLE_RUNLOCK(ln); 1604 return 0; 1605 } 1606 if (ln != NULL) 1607 LLE_RUNLOCK(ln); 1608 1609 /* Slow path */ 1610 ln = nd6_lookup(&dst->sin6_addr, ifp, true); 1611 if (ln == NULL && nd6_is_addr_neighbor(dst, ifp)) { 1612 /* 1613 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(), 1614 * the condition below is not very efficient. But we believe 1615 * it is tolerable, because this should be a rare case. 1616 */ 1617 ln = nd6_create(&dst->sin6_addr, ifp); 1618 if (ln == NULL) { 1619 char ip6buf[INET6_ADDRSTRLEN]; 1620 log(LOG_DEBUG, 1621 "%s: can't allocate llinfo for %s " 1622 "(ln=%p, rt=%p)\n", __func__, 1623 IN6_PRINT(ip6buf, &dst->sin6_addr), ln, rt); 1624 m_freem(m); 1625 return ENOBUFS; 1626 } 1627 created = true; 1628 } 1629 1630 if (ln == NULL) { 1631 m_freem(m); 1632 return ENETDOWN; /* better error? */ 1633 } 1634 1635 error = nd_resolve(ln, rt, m, lldst, dstsize); 1636 1637 if (created) 1638 nd6_gc_neighbors(LLTABLE6(ifp), &dst->sin6_addr); 1639 1640 return error; 1641 } 1642 1643 int 1644 nd6_need_cache(struct ifnet *ifp) 1645 { 1646 /* 1647 * XXX: we currently do not make neighbor cache on any interface 1648 * other than ARCnet, Ethernet, and GIF. 1649 * 1650 * RFC2893 says: 1651 * - unidirectional tunnels needs no ND 1652 */ 1653 switch (ifp->if_type) { 1654 case IFT_ARCNET: 1655 case IFT_ETHER: 1656 case IFT_IEEE1394: 1657 case IFT_CARP: 1658 case IFT_GIF: /* XXX need more cases? */ 1659 case IFT_PPP: 1660 case IFT_TUNNEL: 1661 return 1; 1662 default: 1663 return 0; 1664 } 1665 } 1666 1667 int 1668 nd6_sysctl( 1669 int name, 1670 void *oldp, /* syscall arg, need copyout */ 1671 size_t *oldlenp, 1672 void *newp, /* syscall arg, need copyin */ 1673 size_t newlen 1674 ) 1675 { 1676 1677 if (newp) 1678 return EPERM; 1679 1680 switch (name) { 1681 #ifdef COMPAT_90 1682 case OICMPV6CTL_ND6_DRLIST: /* FALLTHROUGH */ 1683 case OICMPV6CTL_ND6_PRLIST: 1684 *oldlenp = 0; 1685 return 0; 1686 #endif 1687 case ICMPV6CTL_ND6_MAXQLEN: 1688 return 0; 1689 default: 1690 return ENOPROTOOPT; 1691 } 1692 } 1693