1 /* $NetBSD: nd6_nbr.c,v 1.100 2014/07/01 07:51:29 ozaki-r Exp $ */ 2 /* $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.100 2014/07/01 07:51:29 ozaki-r Exp $"); 35 36 #include "opt_inet.h" 37 #include "opt_ipsec.h" 38 39 #include <sys/param.h> 40 #include <sys/systm.h> 41 #include <sys/malloc.h> 42 #include <sys/mbuf.h> 43 #include <sys/socket.h> 44 #include <sys/socketvar.h> 45 #include <sys/sockio.h> 46 #include <sys/time.h> 47 #include <sys/kernel.h> 48 #include <sys/errno.h> 49 #include <sys/ioctl.h> 50 #include <sys/syslog.h> 51 #include <sys/queue.h> 52 #include <sys/callout.h> 53 54 #include <net/if.h> 55 #include <net/if_types.h> 56 #include <net/if_dl.h> 57 #include <net/route.h> 58 59 #include <netinet/in.h> 60 #include <netinet/in_var.h> 61 #include <netinet6/in6_var.h> 62 #include <netinet6/in6_ifattach.h> 63 #include <netinet/ip6.h> 64 #include <netinet6/ip6_var.h> 65 #include <netinet6/scope6_var.h> 66 #include <netinet6/nd6.h> 67 #include <netinet/icmp6.h> 68 #include <netinet6/icmp6_private.h> 69 70 #include "carp.h" 71 #if NCARP > 0 72 #include <netinet/ip_carp.h> 73 #endif 74 75 #include <net/net_osdep.h> 76 77 struct dadq; 78 static struct dadq *nd6_dad_find(struct ifaddr *); 79 static void nd6_dad_starttimer(struct dadq *, int); 80 static void nd6_dad_stoptimer(struct dadq *); 81 static void nd6_dad_timer(struct ifaddr *); 82 static void nd6_dad_ns_output(struct dadq *, struct ifaddr *); 83 static void nd6_dad_ns_input(struct ifaddr *); 84 static void nd6_dad_na_input(struct ifaddr *); 85 86 static int dad_ignore_ns = 0; /* ignore NS in DAD - specwise incorrect*/ 87 static int dad_maxtry = 15; /* max # of *tries* to transmit DAD packet */ 88 89 /* 90 * Input a Neighbor Solicitation Message. 91 * 92 * Based on RFC 2461 93 * Based on RFC 2462 (duplicate address detection) 94 */ 95 void 96 nd6_ns_input(struct mbuf *m, int off, int icmp6len) 97 { 98 struct ifnet *ifp = m->m_pkthdr.rcvif; 99 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 100 struct nd_neighbor_solicit *nd_ns; 101 struct in6_addr saddr6 = ip6->ip6_src; 102 struct in6_addr daddr6 = ip6->ip6_dst; 103 struct in6_addr taddr6; 104 struct in6_addr myaddr6; 105 char *lladdr = NULL; 106 struct ifaddr *ifa; 107 int lladdrlen = 0; 108 int anycast = 0, proxy = 0, tentative = 0; 109 int router = ip6_forwarding; 110 int tlladdr; 111 union nd_opts ndopts; 112 const struct sockaddr_dl *proxydl = NULL; 113 114 IP6_EXTHDR_GET(nd_ns, struct nd_neighbor_solicit *, m, off, icmp6len); 115 if (nd_ns == NULL) { 116 ICMP6_STATINC(ICMP6_STAT_TOOSHORT); 117 return; 118 } 119 ip6 = mtod(m, struct ip6_hdr *); /* adjust pointer for safety */ 120 taddr6 = nd_ns->nd_ns_target; 121 if (in6_setscope(&taddr6, ifp, NULL) != 0) 122 goto bad; 123 124 if (ip6->ip6_hlim != 255) { 125 nd6log((LOG_ERR, 126 "nd6_ns_input: invalid hlim (%d) from %s to %s on %s\n", 127 ip6->ip6_hlim, ip6_sprintf(&ip6->ip6_src), 128 ip6_sprintf(&ip6->ip6_dst), if_name(ifp))); 129 goto bad; 130 } 131 132 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) { 133 /* dst has to be a solicited node multicast address. */ 134 /* don't check ifindex portion */ 135 if (daddr6.s6_addr16[0] == IPV6_ADDR_INT16_MLL && 136 daddr6.s6_addr32[1] == 0 && 137 daddr6.s6_addr32[2] == IPV6_ADDR_INT32_ONE && 138 daddr6.s6_addr8[12] == 0xff) { 139 ; /* good */ 140 } else { 141 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet " 142 "(wrong ip6 dst)\n")); 143 goto bad; 144 } 145 } else { 146 struct sockaddr_in6 ssin6; 147 148 /* 149 * Make sure the source address is from a neighbor's address. 150 */ 151 sockaddr_in6_init(&ssin6, &saddr6, 0, 0, 0); 152 if (nd6_is_addr_neighbor(&ssin6, ifp) == 0) { 153 nd6log((LOG_INFO, "nd6_ns_input: " 154 "NS packet from non-neighbor\n")); 155 goto bad; 156 } 157 } 158 159 160 if (IN6_IS_ADDR_MULTICAST(&taddr6)) { 161 nd6log((LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n")); 162 goto bad; 163 } 164 165 icmp6len -= sizeof(*nd_ns); 166 nd6_option_init(nd_ns + 1, icmp6len, &ndopts); 167 if (nd6_options(&ndopts) < 0) { 168 nd6log((LOG_INFO, 169 "nd6_ns_input: invalid ND option, ignored\n")); 170 /* nd6_options have incremented stats */ 171 goto freeit; 172 } 173 174 if (ndopts.nd_opts_src_lladdr) { 175 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1); 176 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3; 177 } 178 179 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && lladdr) { 180 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet " 181 "(link-layer address option)\n")); 182 goto bad; 183 } 184 185 /* 186 * Attaching target link-layer address to the NA? 187 * (RFC 2461 7.2.4) 188 * 189 * NS IP dst is multicast MUST add 190 * Otherwise MAY be omitted 191 * 192 * In this implementation, we omit the target link-layer address 193 * in the "MAY" case. 194 */ 195 #if 0 /* too much! */ 196 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &daddr6); 197 if (ifa && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST)) 198 tlladdr = 0; 199 else 200 #endif 201 if (!IN6_IS_ADDR_MULTICAST(&daddr6)) 202 tlladdr = 0; 203 else 204 tlladdr = 1; 205 206 /* 207 * Target address (taddr6) must be either: 208 * (1) Valid unicast/anycast address for my receiving interface, 209 * (2) Unicast address for which I'm offering proxy service, or 210 * (3) "tentative" address on which DAD is being performed. 211 */ 212 /* (1) and (3) check. */ 213 #if NCARP > 0 214 if (ifp->if_carp && ifp->if_type != IFT_CARP) 215 ifa = carp_iamatch6(ifp->if_carp, &taddr6); 216 else 217 ifa = NULL; 218 if (!ifa) 219 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 220 #else 221 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 222 #endif 223 224 /* (2) check. */ 225 if (ifa == NULL) { 226 struct rtentry *rt; 227 struct sockaddr_in6 tsin6; 228 229 sockaddr_in6_init(&tsin6, &taddr6, 0, 0, 0); 230 231 rt = rtalloc1((struct sockaddr *)&tsin6, 0); 232 if (rt && (rt->rt_flags & RTF_ANNOUNCE) != 0 && 233 rt->rt_gateway->sa_family == AF_LINK) { 234 /* 235 * proxy NDP for single entry 236 */ 237 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 238 IN6_IFF_NOTREADY|IN6_IFF_ANYCAST); 239 if (ifa) { 240 proxy = 1; 241 proxydl = satocsdl(rt->rt_gateway); 242 router = 0; /* XXX */ 243 } 244 } 245 if (rt) 246 rtfree(rt); 247 } 248 if (ifa == NULL) { 249 /* 250 * We've got an NS packet, and we don't have that address 251 * assigned for us. We MUST silently ignore it. 252 * See RFC2461 7.2.3. 253 */ 254 goto freeit; 255 } 256 myaddr6 = *IFA_IN6(ifa); 257 anycast = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST; 258 tentative = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE; 259 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DUPLICATED) 260 goto freeit; 261 262 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 263 nd6log((LOG_INFO, "nd6_ns_input: lladdrlen mismatch for %s " 264 "(if %d, NS packet %d)\n", 265 ip6_sprintf(&taddr6), ifp->if_addrlen, lladdrlen - 2)); 266 goto bad; 267 } 268 269 if (IN6_ARE_ADDR_EQUAL(&myaddr6, &saddr6)) { 270 nd6log((LOG_INFO, "nd6_ns_input: duplicate IP6 address %s\n", 271 ip6_sprintf(&saddr6))); 272 goto freeit; 273 } 274 275 /* 276 * We have neighbor solicitation packet, with target address equals to 277 * one of my tentative address. 278 * 279 * src addr how to process? 280 * --- --- 281 * multicast of course, invalid (rejected in ip6_input) 282 * unicast somebody is doing address resolution -> ignore 283 * unspec dup address detection 284 * 285 * The processing is defined in RFC 2462. 286 */ 287 if (tentative) { 288 /* 289 * If source address is unspecified address, it is for 290 * duplicate address detection. 291 * 292 * If not, the packet is for addess resolution; 293 * silently ignore it. 294 */ 295 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) 296 nd6_dad_ns_input(ifa); 297 298 goto freeit; 299 } 300 301 /* 302 * If the source address is unspecified address, entries must not 303 * be created or updated. 304 * It looks that sender is performing DAD. Output NA toward 305 * all-node multicast address, to tell the sender that I'm using 306 * the address. 307 * S bit ("solicited") must be zero. 308 */ 309 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) { 310 struct in6_addr in6_all; 311 312 in6_all = in6addr_linklocal_allnodes; 313 if (in6_setscope(&in6_all, ifp, NULL) != 0) 314 goto bad; 315 nd6_na_output(ifp, &in6_all, &taddr6, 316 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) | 317 (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0), 318 tlladdr, (const struct sockaddr *)proxydl); 319 goto freeit; 320 } 321 322 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, ND_NEIGHBOR_SOLICIT, 0); 323 324 nd6_na_output(ifp, &saddr6, &taddr6, 325 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) | 326 (router ? ND_NA_FLAG_ROUTER : 0) | ND_NA_FLAG_SOLICITED, 327 tlladdr, (const struct sockaddr *)proxydl); 328 freeit: 329 m_freem(m); 330 return; 331 332 bad: 333 nd6log((LOG_ERR, "nd6_ns_input: src=%s\n", ip6_sprintf(&saddr6))); 334 nd6log((LOG_ERR, "nd6_ns_input: dst=%s\n", ip6_sprintf(&daddr6))); 335 nd6log((LOG_ERR, "nd6_ns_input: tgt=%s\n", ip6_sprintf(&taddr6))); 336 ICMP6_STATINC(ICMP6_STAT_BADNS); 337 m_freem(m); 338 } 339 340 /* 341 * Output a Neighbor Solicitation Message. Caller specifies: 342 * - ICMP6 header source IP6 address 343 * - ND6 header target IP6 address 344 * - ND6 header source datalink address 345 * 346 * Based on RFC 2461 347 * Based on RFC 2462 (duplicate address detection) 348 */ 349 void 350 nd6_ns_output(struct ifnet *ifp, const struct in6_addr *daddr6, 351 const struct in6_addr *taddr6, 352 struct llinfo_nd6 *ln, /* for source address determination */ 353 int dad /* duplicate address detection */) 354 { 355 struct mbuf *m; 356 struct ip6_hdr *ip6; 357 struct nd_neighbor_solicit *nd_ns; 358 struct in6_addr *src, src_in; 359 struct ip6_moptions im6o; 360 int icmp6len; 361 int maxlen; 362 const void *mac; 363 struct route ro; 364 365 if (IN6_IS_ADDR_MULTICAST(taddr6)) 366 return; 367 368 memset(&ro, 0, sizeof(ro)); 369 370 /* estimate the size of message */ 371 maxlen = sizeof(*ip6) + sizeof(*nd_ns); 372 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7; 373 #ifdef DIAGNOSTIC 374 if (max_linkhdr + maxlen >= MCLBYTES) { 375 printf("nd6_ns_output: max_linkhdr + maxlen >= MCLBYTES " 376 "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES); 377 panic("nd6_ns_output: insufficient MCLBYTES"); 378 /* NOTREACHED */ 379 } 380 #endif 381 382 MGETHDR(m, M_DONTWAIT, MT_DATA); 383 if (m && max_linkhdr + maxlen >= MHLEN) { 384 MCLGET(m, M_DONTWAIT); 385 if ((m->m_flags & M_EXT) == 0) { 386 m_free(m); 387 m = NULL; 388 } 389 } 390 if (m == NULL) 391 return; 392 m->m_pkthdr.rcvif = NULL; 393 394 if (daddr6 == NULL || IN6_IS_ADDR_MULTICAST(daddr6)) { 395 m->m_flags |= M_MCAST; 396 im6o.im6o_multicast_ifp = ifp; 397 im6o.im6o_multicast_hlim = 255; 398 im6o.im6o_multicast_loop = 0; 399 } 400 401 icmp6len = sizeof(*nd_ns); 402 m->m_pkthdr.len = m->m_len = sizeof(*ip6) + icmp6len; 403 m->m_data += max_linkhdr; /* or MH_ALIGN() equivalent? */ 404 405 /* fill neighbor solicitation packet */ 406 ip6 = mtod(m, struct ip6_hdr *); 407 ip6->ip6_flow = 0; 408 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 409 ip6->ip6_vfc |= IPV6_VERSION; 410 /* ip6->ip6_plen will be set later */ 411 ip6->ip6_nxt = IPPROTO_ICMPV6; 412 ip6->ip6_hlim = 255; 413 if (daddr6) 414 ip6->ip6_dst = *daddr6; 415 else { 416 ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL; 417 ip6->ip6_dst.s6_addr16[1] = 0; 418 ip6->ip6_dst.s6_addr32[1] = 0; 419 ip6->ip6_dst.s6_addr32[2] = IPV6_ADDR_INT32_ONE; 420 ip6->ip6_dst.s6_addr32[3] = taddr6->s6_addr32[3]; 421 ip6->ip6_dst.s6_addr8[12] = 0xff; 422 if (in6_setscope(&ip6->ip6_dst, ifp, NULL) != 0) 423 goto bad; 424 } 425 if (!dad) { 426 /* 427 * RFC2461 7.2.2: 428 * "If the source address of the packet prompting the 429 * solicitation is the same as one of the addresses assigned 430 * to the outgoing interface, that address SHOULD be placed 431 * in the IP Source Address of the outgoing solicitation. 432 * Otherwise, any one of the addresses assigned to the 433 * interface should be used." 434 * 435 * We use the source address for the prompting packet 436 * (hsrc), if: 437 * - hsrc is given from the caller (by giving "ln"), and 438 * - hsrc belongs to the outgoing interface. 439 * Otherwise, we perform the source address selection as usual. 440 */ 441 struct ip6_hdr *hip6; /* hold ip6 */ 442 struct in6_addr *hsrc = NULL; 443 444 if (ln && ln->ln_hold) { 445 /* 446 * assuming every packet in ln_hold has the same IP 447 * header 448 */ 449 hip6 = mtod(ln->ln_hold, struct ip6_hdr *); 450 /* XXX pullup? */ 451 if (sizeof(*hip6) < ln->ln_hold->m_len) 452 hsrc = &hip6->ip6_src; 453 else 454 hsrc = NULL; 455 } 456 if (hsrc && in6ifa_ifpwithaddr(ifp, hsrc)) 457 src = hsrc; 458 else { 459 int error; 460 struct sockaddr_in6 dst_sa; 461 462 sockaddr_in6_init(&dst_sa, &ip6->ip6_dst, 0, 0, 0); 463 464 src = in6_selectsrc(&dst_sa, NULL, 465 NULL, &ro, NULL, NULL, &error); 466 if (src == NULL) { 467 nd6log((LOG_DEBUG, 468 "nd6_ns_output: source can't be " 469 "determined: dst=%s, error=%d\n", 470 ip6_sprintf(&dst_sa.sin6_addr), error)); 471 goto bad; 472 } 473 } 474 } else { 475 /* 476 * Source address for DAD packet must always be IPv6 477 * unspecified address. (0::0) 478 * We actually don't have to 0-clear the address (we did it 479 * above), but we do so here explicitly to make the intention 480 * clearer. 481 */ 482 memset(&src_in, 0, sizeof(src_in)); 483 src = &src_in; 484 } 485 ip6->ip6_src = *src; 486 nd_ns = (struct nd_neighbor_solicit *)(ip6 + 1); 487 nd_ns->nd_ns_type = ND_NEIGHBOR_SOLICIT; 488 nd_ns->nd_ns_code = 0; 489 nd_ns->nd_ns_reserved = 0; 490 nd_ns->nd_ns_target = *taddr6; 491 in6_clearscope(&nd_ns->nd_ns_target); /* XXX */ 492 493 /* 494 * Add source link-layer address option. 495 * 496 * spec implementation 497 * --- --- 498 * DAD packet MUST NOT do not add the option 499 * there's no link layer address: 500 * impossible do not add the option 501 * there's link layer address: 502 * Multicast NS MUST add one add the option 503 * Unicast NS SHOULD add one add the option 504 */ 505 if (!dad && (mac = nd6_ifptomac(ifp))) { 506 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen; 507 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1); 508 /* 8 byte alignments... */ 509 optlen = (optlen + 7) & ~7; 510 511 m->m_pkthdr.len += optlen; 512 m->m_len += optlen; 513 icmp6len += optlen; 514 memset((void *)nd_opt, 0, optlen); 515 nd_opt->nd_opt_type = ND_OPT_SOURCE_LINKADDR; 516 nd_opt->nd_opt_len = optlen >> 3; 517 memcpy((void *)(nd_opt + 1), mac, ifp->if_addrlen); 518 } 519 520 ip6->ip6_plen = htons((u_int16_t)icmp6len); 521 nd_ns->nd_ns_cksum = 0; 522 nd_ns->nd_ns_cksum = 523 in6_cksum(m, IPPROTO_ICMPV6, sizeof(*ip6), icmp6len); 524 525 ip6_output(m, NULL, &ro, dad ? IPV6_UNSPECSRC : 0, &im6o, NULL, NULL); 526 icmp6_ifstat_inc(ifp, ifs6_out_msg); 527 icmp6_ifstat_inc(ifp, ifs6_out_neighborsolicit); 528 ICMP6_STATINC(ICMP6_STAT_OUTHIST + ND_NEIGHBOR_SOLICIT); 529 530 rtcache_free(&ro); 531 return; 532 533 bad: 534 rtcache_free(&ro); 535 m_freem(m); 536 return; 537 } 538 539 /* 540 * Neighbor advertisement input handling. 541 * 542 * Based on RFC 2461 543 * Based on RFC 2462 (duplicate address detection) 544 * 545 * the following items are not implemented yet: 546 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD) 547 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD) 548 */ 549 void 550 nd6_na_input(struct mbuf *m, int off, int icmp6len) 551 { 552 struct ifnet *ifp = m->m_pkthdr.rcvif; 553 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 554 struct nd_neighbor_advert *nd_na; 555 struct in6_addr saddr6 = ip6->ip6_src; 556 struct in6_addr daddr6 = ip6->ip6_dst; 557 struct in6_addr taddr6; 558 int flags; 559 int is_router; 560 int is_solicited; 561 int is_override; 562 char *lladdr = NULL; 563 int lladdrlen = 0; 564 struct ifaddr *ifa; 565 struct llinfo_nd6 *ln; 566 struct rtentry *rt; 567 struct sockaddr_dl *sdl; 568 union nd_opts ndopts; 569 struct sockaddr_in6 ssin6; 570 571 if (ip6->ip6_hlim != 255) { 572 nd6log((LOG_ERR, 573 "nd6_na_input: invalid hlim (%d) from %s to %s on %s\n", 574 ip6->ip6_hlim, ip6_sprintf(&ip6->ip6_src), 575 ip6_sprintf(&ip6->ip6_dst), if_name(ifp))); 576 goto bad; 577 } 578 579 IP6_EXTHDR_GET(nd_na, struct nd_neighbor_advert *, m, off, icmp6len); 580 if (nd_na == NULL) { 581 ICMP6_STATINC(ICMP6_STAT_TOOSHORT); 582 return; 583 } 584 585 flags = nd_na->nd_na_flags_reserved; 586 is_router = ((flags & ND_NA_FLAG_ROUTER) != 0); 587 is_solicited = ((flags & ND_NA_FLAG_SOLICITED) != 0); 588 is_override = ((flags & ND_NA_FLAG_OVERRIDE) != 0); 589 590 taddr6 = nd_na->nd_na_target; 591 if (in6_setscope(&taddr6, ifp, NULL)) 592 return; /* XXX: impossible */ 593 594 if (IN6_IS_ADDR_MULTICAST(&taddr6)) { 595 nd6log((LOG_ERR, 596 "nd6_na_input: invalid target address %s\n", 597 ip6_sprintf(&taddr6))); 598 goto bad; 599 } 600 if (is_solicited && IN6_IS_ADDR_MULTICAST(&daddr6)) { 601 nd6log((LOG_ERR, 602 "nd6_na_input: a solicited adv is multicasted\n")); 603 goto bad; 604 } 605 606 icmp6len -= sizeof(*nd_na); 607 nd6_option_init(nd_na + 1, icmp6len, &ndopts); 608 if (nd6_options(&ndopts) < 0) { 609 nd6log((LOG_INFO, 610 "nd6_na_input: invalid ND option, ignored\n")); 611 /* nd6_options have incremented stats */ 612 goto freeit; 613 } 614 615 if (ndopts.nd_opts_tgt_lladdr) { 616 lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1); 617 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3; 618 } 619 620 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 621 622 /* 623 * Target address matches one of my interface address. 624 * 625 * If my address is tentative, this means that there's somebody 626 * already using the same address as mine. This indicates DAD failure. 627 * This is defined in RFC 2462. 628 * 629 * Otherwise, process as defined in RFC 2461. 630 */ 631 if (ifa 632 && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) { 633 nd6_dad_na_input(ifa); 634 goto freeit; 635 } 636 637 /* Just for safety, maybe unnecessary. */ 638 if (ifa) { 639 log(LOG_ERR, 640 "nd6_na_input: duplicate IP6 address %s\n", 641 ip6_sprintf(&taddr6)); 642 goto freeit; 643 } 644 645 /* 646 * Make sure the source address is from a neighbor's address. 647 */ 648 sockaddr_in6_init(&ssin6, &saddr6, 0, 0, 0); 649 if (nd6_is_addr_neighbor(&ssin6, ifp) == 0) { 650 nd6log((LOG_INFO, "nd6_na_input: " 651 "ND packet from non-neighbor\n")); 652 goto bad; 653 } 654 655 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 656 nd6log((LOG_INFO, "nd6_na_input: lladdrlen mismatch for %s " 657 "(if %d, NA packet %d)\n", ip6_sprintf(&taddr6), 658 ifp->if_addrlen, lladdrlen - 2)); 659 goto bad; 660 } 661 662 /* 663 * If no neighbor cache entry is found, NA SHOULD silently be 664 * discarded. 665 */ 666 rt = nd6_lookup(&taddr6, 0, ifp); 667 if ((rt == NULL) || 668 ((ln = (struct llinfo_nd6 *)rt->rt_llinfo) == NULL) || 669 ((sdl = satosdl(rt->rt_gateway)) == NULL)) 670 goto freeit; 671 672 if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 673 /* 674 * If the link-layer has address, and no lladdr option came, 675 * discard the packet. 676 */ 677 if (ifp->if_addrlen && !lladdr) 678 goto freeit; 679 680 /* 681 * Record link-layer address, and update the state. 682 */ 683 (void)sockaddr_dl_setaddr(sdl, sdl->sdl_len, lladdr, 684 ifp->if_addrlen); 685 if (is_solicited) { 686 ln->ln_state = ND6_LLINFO_REACHABLE; 687 ln->ln_byhint = 0; 688 if (!ND6_LLINFO_PERMANENT(ln)) { 689 nd6_llinfo_settimer(ln, 690 (long)ND_IFINFO(rt->rt_ifp)->reachable * hz); 691 } 692 } else { 693 ln->ln_state = ND6_LLINFO_STALE; 694 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz); 695 } 696 if ((ln->ln_router = is_router) != 0) { 697 /* 698 * This means a router's state has changed from 699 * non-reachable to probably reachable, and might 700 * affect the status of associated prefixes.. 701 */ 702 pfxlist_onlink_check(); 703 } 704 } else { 705 int llchange; 706 707 /* 708 * Check if the link-layer address has changed or not. 709 */ 710 if (lladdr == NULL) 711 llchange = 0; 712 else { 713 if (sdl->sdl_alen) { 714 if (memcmp(lladdr, CLLADDR(sdl), ifp->if_addrlen)) 715 llchange = 1; 716 else 717 llchange = 0; 718 } else 719 llchange = 1; 720 } 721 722 /* 723 * This is VERY complex. Look at it with care. 724 * 725 * override solicit lladdr llchange action 726 * (L: record lladdr) 727 * 728 * 0 0 n -- (2c) 729 * 0 0 y n (2b) L 730 * 0 0 y y (1) REACHABLE->STALE 731 * 0 1 n -- (2c) *->REACHABLE 732 * 0 1 y n (2b) L *->REACHABLE 733 * 0 1 y y (1) REACHABLE->STALE 734 * 1 0 n -- (2a) 735 * 1 0 y n (2a) L 736 * 1 0 y y (2a) L *->STALE 737 * 1 1 n -- (2a) *->REACHABLE 738 * 1 1 y n (2a) L *->REACHABLE 739 * 1 1 y y (2a) L *->REACHABLE 740 */ 741 if (!is_override && lladdr != NULL && llchange) { /* (1) */ 742 /* 743 * If state is REACHABLE, make it STALE. 744 * no other updates should be done. 745 */ 746 if (ln->ln_state == ND6_LLINFO_REACHABLE) { 747 ln->ln_state = ND6_LLINFO_STALE; 748 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz); 749 } 750 goto freeit; 751 } else if (is_override /* (2a) */ 752 || (!is_override && lladdr != NULL && !llchange) /* (2b) */ 753 || lladdr == NULL) { /* (2c) */ 754 /* 755 * Update link-local address, if any. 756 */ 757 if (lladdr != NULL) { 758 (void)sockaddr_dl_setaddr(sdl, sdl->sdl_len, 759 lladdr, ifp->if_addrlen); 760 } 761 762 /* 763 * If solicited, make the state REACHABLE. 764 * If not solicited and the link-layer address was 765 * changed, make it STALE. 766 */ 767 if (is_solicited) { 768 ln->ln_state = ND6_LLINFO_REACHABLE; 769 ln->ln_byhint = 0; 770 if (!ND6_LLINFO_PERMANENT(ln)) { 771 nd6_llinfo_settimer(ln, 772 (long)ND_IFINFO(ifp)->reachable * hz); 773 } 774 } else { 775 if (lladdr && llchange) { 776 ln->ln_state = ND6_LLINFO_STALE; 777 nd6_llinfo_settimer(ln, 778 (long)nd6_gctimer * hz); 779 } 780 } 781 } 782 783 if (ln->ln_router && !is_router) { 784 /* 785 * The peer dropped the router flag. 786 * Remove the sender from the Default Router List and 787 * update the Destination Cache entries. 788 */ 789 struct nd_defrouter *dr; 790 const struct in6_addr *in6; 791 int s; 792 793 in6 = &satocsin6(rt_getkey(rt))->sin6_addr; 794 795 /* 796 * Lock to protect the default router list. 797 * XXX: this might be unnecessary, since this function 798 * is only called under the network software interrupt 799 * context. However, we keep it just for safety. 800 */ 801 s = splsoftnet(); 802 dr = defrouter_lookup(in6, rt->rt_ifp); 803 if (dr) 804 defrtrlist_del(dr); 805 else if (!ip6_forwarding) { 806 /* 807 * Even if the neighbor is not in the default 808 * router list, the neighbor may be used 809 * as a next hop for some destinations 810 * (e.g. redirect case). So we must 811 * call rt6_flush explicitly. 812 */ 813 rt6_flush(&ip6->ip6_src, rt->rt_ifp); 814 } 815 splx(s); 816 } 817 ln->ln_router = is_router; 818 } 819 rt->rt_flags &= ~RTF_REJECT; 820 ln->ln_asked = 0; 821 nd6_llinfo_release_pkts(ln, ifp, rt); 822 823 freeit: 824 m_freem(m); 825 return; 826 827 bad: 828 ICMP6_STATINC(ICMP6_STAT_BADNA); 829 m_freem(m); 830 } 831 832 /* 833 * Neighbor advertisement output handling. 834 * 835 * Based on RFC 2461 836 * 837 * the following items are not implemented yet: 838 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD) 839 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD) 840 */ 841 void 842 nd6_na_output( 843 struct ifnet *ifp, 844 const struct in6_addr *daddr6_0, 845 const struct in6_addr *taddr6, 846 u_long flags, 847 int tlladdr, /* 1 if include target link-layer address */ 848 const struct sockaddr *sdl0) /* sockaddr_dl (= proxy NA) or NULL */ 849 { 850 struct mbuf *m; 851 struct ip6_hdr *ip6; 852 struct nd_neighbor_advert *nd_na; 853 struct ip6_moptions im6o; 854 struct sockaddr *dst; 855 union { 856 struct sockaddr dst; 857 struct sockaddr_in6 dst6; 858 } u; 859 struct in6_addr *src, daddr6; 860 int icmp6len, maxlen, error; 861 const void *mac; 862 struct route ro; 863 864 mac = NULL; 865 memset(&ro, 0, sizeof(ro)); 866 867 daddr6 = *daddr6_0; /* make a local copy for modification */ 868 869 /* estimate the size of message */ 870 maxlen = sizeof(*ip6) + sizeof(*nd_na); 871 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7; 872 #ifdef DIAGNOSTIC 873 if (max_linkhdr + maxlen >= MCLBYTES) { 874 printf("nd6_na_output: max_linkhdr + maxlen >= MCLBYTES " 875 "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES); 876 panic("nd6_na_output: insufficient MCLBYTES"); 877 /* NOTREACHED */ 878 } 879 #endif 880 881 MGETHDR(m, M_DONTWAIT, MT_DATA); 882 if (m && max_linkhdr + maxlen >= MHLEN) { 883 MCLGET(m, M_DONTWAIT); 884 if ((m->m_flags & M_EXT) == 0) { 885 m_free(m); 886 m = NULL; 887 } 888 } 889 if (m == NULL) 890 return; 891 m->m_pkthdr.rcvif = NULL; 892 893 if (IN6_IS_ADDR_MULTICAST(&daddr6)) { 894 m->m_flags |= M_MCAST; 895 im6o.im6o_multicast_ifp = ifp; 896 im6o.im6o_multicast_hlim = 255; 897 im6o.im6o_multicast_loop = 0; 898 } 899 900 icmp6len = sizeof(*nd_na); 901 m->m_pkthdr.len = m->m_len = sizeof(struct ip6_hdr) + icmp6len; 902 m->m_data += max_linkhdr; /* or MH_ALIGN() equivalent? */ 903 904 /* fill neighbor advertisement packet */ 905 ip6 = mtod(m, struct ip6_hdr *); 906 ip6->ip6_flow = 0; 907 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 908 ip6->ip6_vfc |= IPV6_VERSION; 909 ip6->ip6_nxt = IPPROTO_ICMPV6; 910 ip6->ip6_hlim = 255; 911 if (IN6_IS_ADDR_UNSPECIFIED(&daddr6)) { 912 /* reply to DAD */ 913 daddr6.s6_addr16[0] = IPV6_ADDR_INT16_MLL; 914 daddr6.s6_addr16[1] = 0; 915 daddr6.s6_addr32[1] = 0; 916 daddr6.s6_addr32[2] = 0; 917 daddr6.s6_addr32[3] = IPV6_ADDR_INT32_ONE; 918 if (in6_setscope(&daddr6, ifp, NULL)) 919 goto bad; 920 921 flags &= ~ND_NA_FLAG_SOLICITED; 922 } 923 ip6->ip6_dst = daddr6; 924 sockaddr_in6_init(&u.dst6, &daddr6, 0, 0, 0); 925 dst = &u.dst; 926 rtcache_setdst(&ro, dst); 927 928 /* 929 * Select a source whose scope is the same as that of the dest. 930 */ 931 src = in6_selectsrc(satosin6(dst), NULL, NULL, &ro, NULL, NULL, &error); 932 if (src == NULL) { 933 nd6log((LOG_DEBUG, "nd6_na_output: source can't be " 934 "determined: dst=%s, error=%d\n", 935 ip6_sprintf(&satocsin6(dst)->sin6_addr), error)); 936 goto bad; 937 } 938 ip6->ip6_src = *src; 939 nd_na = (struct nd_neighbor_advert *)(ip6 + 1); 940 nd_na->nd_na_type = ND_NEIGHBOR_ADVERT; 941 nd_na->nd_na_code = 0; 942 nd_na->nd_na_target = *taddr6; 943 in6_clearscope(&nd_na->nd_na_target); /* XXX */ 944 945 /* 946 * "tlladdr" indicates NS's condition for adding tlladdr or not. 947 * see nd6_ns_input() for details. 948 * Basically, if NS packet is sent to unicast/anycast addr, 949 * target lladdr option SHOULD NOT be included. 950 */ 951 if (tlladdr) { 952 /* 953 * sdl0 != NULL indicates proxy NA. If we do proxy, use 954 * lladdr in sdl0. If we are not proxying (sending NA for 955 * my address) use lladdr configured for the interface. 956 */ 957 if (sdl0 == NULL) 958 mac = nd6_ifptomac(ifp); 959 else if (sdl0->sa_family == AF_LINK) { 960 const struct sockaddr_dl *sdl; 961 sdl = satocsdl(sdl0); 962 if (sdl->sdl_alen == ifp->if_addrlen) 963 mac = CLLADDR(sdl); 964 } 965 } 966 if (tlladdr && mac) { 967 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen; 968 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_na + 1); 969 970 /* roundup to 8 bytes alignment! */ 971 optlen = (optlen + 7) & ~7; 972 973 m->m_pkthdr.len += optlen; 974 m->m_len += optlen; 975 icmp6len += optlen; 976 memset((void *)nd_opt, 0, optlen); 977 nd_opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; 978 nd_opt->nd_opt_len = optlen >> 3; 979 memcpy((void *)(nd_opt + 1), mac, ifp->if_addrlen); 980 } else 981 flags &= ~ND_NA_FLAG_OVERRIDE; 982 983 ip6->ip6_plen = htons((u_int16_t)icmp6len); 984 nd_na->nd_na_flags_reserved = flags; 985 nd_na->nd_na_cksum = 0; 986 nd_na->nd_na_cksum = 987 in6_cksum(m, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), icmp6len); 988 989 ip6_output(m, NULL, NULL, 0, &im6o, NULL, NULL); 990 991 icmp6_ifstat_inc(ifp, ifs6_out_msg); 992 icmp6_ifstat_inc(ifp, ifs6_out_neighboradvert); 993 ICMP6_STATINC(ICMP6_STAT_OUTHIST + ND_NEIGHBOR_ADVERT); 994 995 rtcache_free(&ro); 996 return; 997 998 bad: 999 rtcache_free(&ro); 1000 m_freem(m); 1001 return; 1002 } 1003 1004 const void * 1005 nd6_ifptomac(const struct ifnet *ifp) 1006 { 1007 switch (ifp->if_type) { 1008 case IFT_ARCNET: 1009 case IFT_ETHER: 1010 case IFT_FDDI: 1011 case IFT_IEEE1394: 1012 case IFT_PROPVIRTUAL: 1013 case IFT_CARP: 1014 case IFT_L2VLAN: 1015 case IFT_IEEE80211: 1016 return CLLADDR(ifp->if_sadl); 1017 default: 1018 return NULL; 1019 } 1020 } 1021 1022 TAILQ_HEAD(dadq_head, dadq); 1023 struct dadq { 1024 TAILQ_ENTRY(dadq) dad_list; 1025 struct ifaddr *dad_ifa; 1026 int dad_count; /* max NS to send */ 1027 int dad_ns_tcount; /* # of trials to send NS */ 1028 int dad_ns_ocount; /* NS sent so far */ 1029 int dad_ns_icount; 1030 int dad_na_icount; 1031 struct callout dad_timer_ch; 1032 }; 1033 1034 static struct dadq_head dadq; 1035 static int dad_init = 0; 1036 1037 static struct dadq * 1038 nd6_dad_find(struct ifaddr *ifa) 1039 { 1040 struct dadq *dp; 1041 1042 TAILQ_FOREACH(dp, &dadq, dad_list) { 1043 if (dp->dad_ifa == ifa) 1044 return dp; 1045 } 1046 return NULL; 1047 } 1048 1049 static void 1050 nd6_dad_starttimer(struct dadq *dp, int ticks) 1051 { 1052 1053 callout_reset(&dp->dad_timer_ch, ticks, 1054 (void (*)(void *))nd6_dad_timer, (void *)dp->dad_ifa); 1055 } 1056 1057 static void 1058 nd6_dad_stoptimer(struct dadq *dp) 1059 { 1060 1061 callout_stop(&dp->dad_timer_ch); 1062 } 1063 1064 /* 1065 * Routine to report address flag changes to the routing socket 1066 */ 1067 void 1068 nd6_newaddrmsg(struct ifaddr *ifa) 1069 { 1070 struct sockaddr_in6 all1_sa; 1071 struct rtentry *nrt = NULL; 1072 int e; 1073 1074 sockaddr_in6_init(&all1_sa, &in6mask128, 0, 0, 0); 1075 1076 e = rtrequest(RTM_GET, ifa->ifa_addr, ifa->ifa_addr, 1077 (struct sockaddr *)&all1_sa, RTF_UP|RTF_HOST|RTF_LLINFO, &nrt); 1078 if (e != 0) { 1079 log(LOG_ERR, "nd6_newaddrmsg: " 1080 "RTM_GET operation failed for %s (errno=%d)\n", 1081 ip6_sprintf(&((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr), 1082 e); 1083 } 1084 1085 if (nrt) { 1086 rt_newaddrmsg(RTM_ADD, ifa, e, nrt); 1087 #if 0 1088 log(LOG_DEBUG, "nd6_newaddrmsg: announced %s\n", 1089 ip6_sprintf(&((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr) 1090 ); 1091 #endif 1092 nrt->rt_refcnt--; 1093 } 1094 } 1095 1096 1097 /* 1098 * Start Duplicate Address Detection (DAD) for specified interface address. 1099 * 1100 * Note that callout is used when xtick > 0 and not when xtick == 0. 1101 * 1102 * xtick: minimum delay ticks for IFF_UP event 1103 */ 1104 void 1105 nd6_dad_start(struct ifaddr *ifa, int xtick) 1106 { 1107 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1108 struct dadq *dp; 1109 1110 if (!dad_init) { 1111 TAILQ_INIT(&dadq); 1112 dad_init++; 1113 } 1114 1115 /* 1116 * If we don't need DAD, don't do it. 1117 * There are several cases: 1118 * - DAD is disabled (ip6_dad_count == 0) 1119 * - the interface address is anycast 1120 */ 1121 if (!(ia->ia6_flags & IN6_IFF_TENTATIVE)) { 1122 log(LOG_DEBUG, 1123 "nd6_dad_start: called with non-tentative address " 1124 "%s(%s)\n", 1125 ip6_sprintf(&ia->ia_addr.sin6_addr), 1126 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1127 return; 1128 } 1129 if (ia->ia6_flags & IN6_IFF_ANYCAST || !ip6_dad_count) { 1130 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1131 nd6_newaddrmsg(ifa); 1132 return; 1133 } 1134 if (ifa->ifa_ifp == NULL) 1135 panic("nd6_dad_start: ifa->ifa_ifp == NULL"); 1136 if (!(ifa->ifa_ifp->if_flags & IFF_UP)) 1137 return; 1138 if (nd6_dad_find(ifa) != NULL) { 1139 /* DAD already in progress */ 1140 return; 1141 } 1142 1143 dp = malloc(sizeof(*dp), M_IP6NDP, M_NOWAIT); 1144 if (dp == NULL) { 1145 log(LOG_ERR, "nd6_dad_start: memory allocation failed for " 1146 "%s(%s)\n", 1147 ip6_sprintf(&ia->ia_addr.sin6_addr), 1148 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1149 return; 1150 } 1151 memset(dp, 0, sizeof(*dp)); 1152 callout_init(&dp->dad_timer_ch, CALLOUT_MPSAFE); 1153 TAILQ_INSERT_TAIL(&dadq, (struct dadq *)dp, dad_list); 1154 1155 nd6log((LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp), 1156 ip6_sprintf(&ia->ia_addr.sin6_addr))); 1157 1158 /* 1159 * Send NS packet for DAD, ip6_dad_count times. 1160 * Note that we must delay the first transmission, if this is the 1161 * first packet to be sent from the interface after interface 1162 * (re)initialization. 1163 */ 1164 dp->dad_ifa = ifa; 1165 IFAREF(ifa); /* just for safety */ 1166 dp->dad_count = ip6_dad_count; 1167 dp->dad_ns_icount = dp->dad_na_icount = 0; 1168 dp->dad_ns_ocount = dp->dad_ns_tcount = 0; 1169 if (xtick == 0) { 1170 nd6_dad_ns_output(dp, ifa); 1171 nd6_dad_starttimer(dp, 1172 (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000); 1173 } else 1174 nd6_dad_starttimer(dp, xtick); 1175 } 1176 1177 /* 1178 * terminate DAD unconditionally. used for address removals. 1179 */ 1180 void 1181 nd6_dad_stop(struct ifaddr *ifa) 1182 { 1183 struct dadq *dp; 1184 1185 if (!dad_init) 1186 return; 1187 dp = nd6_dad_find(ifa); 1188 if (dp == NULL) { 1189 /* DAD wasn't started yet */ 1190 return; 1191 } 1192 1193 nd6_dad_stoptimer(dp); 1194 1195 TAILQ_REMOVE(&dadq, dp, dad_list); 1196 free(dp, M_IP6NDP); 1197 dp = NULL; 1198 IFAFREE(ifa); 1199 } 1200 1201 static void 1202 nd6_dad_timer(struct ifaddr *ifa) 1203 { 1204 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1205 struct dadq *dp; 1206 1207 mutex_enter(softnet_lock); 1208 KERNEL_LOCK(1, NULL); 1209 1210 /* Sanity check */ 1211 if (ia == NULL) { 1212 log(LOG_ERR, "nd6_dad_timer: called with null parameter\n"); 1213 goto done; 1214 } 1215 dp = nd6_dad_find(ifa); 1216 if (dp == NULL) { 1217 log(LOG_ERR, "nd6_dad_timer: DAD structure not found\n"); 1218 goto done; 1219 } 1220 if (ia->ia6_flags & IN6_IFF_DUPLICATED) { 1221 log(LOG_ERR, "nd6_dad_timer: called with duplicate address " 1222 "%s(%s)\n", 1223 ip6_sprintf(&ia->ia_addr.sin6_addr), 1224 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1225 goto done; 1226 } 1227 if ((ia->ia6_flags & IN6_IFF_TENTATIVE) == 0) { 1228 log(LOG_ERR, "nd6_dad_timer: called with non-tentative address " 1229 "%s(%s)\n", 1230 ip6_sprintf(&ia->ia_addr.sin6_addr), 1231 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1232 goto done; 1233 } 1234 1235 /* timeouted with IFF_{RUNNING,UP} check */ 1236 if (dp->dad_ns_tcount > dad_maxtry) { 1237 nd6log((LOG_INFO, "%s: could not run DAD, driver problem?\n", 1238 if_name(ifa->ifa_ifp))); 1239 1240 TAILQ_REMOVE(&dadq, dp, dad_list); 1241 free(dp, M_IP6NDP); 1242 dp = NULL; 1243 IFAFREE(ifa); 1244 goto done; 1245 } 1246 1247 /* Need more checks? */ 1248 if (dp->dad_ns_ocount < dp->dad_count) { 1249 /* 1250 * We have more NS to go. Send NS packet for DAD. 1251 */ 1252 nd6_dad_ns_output(dp, ifa); 1253 nd6_dad_starttimer(dp, 1254 (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000); 1255 } else { 1256 /* 1257 * We have transmitted sufficient number of DAD packets. 1258 * See what we've got. 1259 */ 1260 int duplicate; 1261 1262 duplicate = 0; 1263 1264 if (dp->dad_na_icount) { 1265 /* 1266 * the check is in nd6_dad_na_input(), 1267 * but just in case 1268 */ 1269 duplicate++; 1270 } 1271 1272 if (dp->dad_ns_icount) { 1273 /* We've seen NS, means DAD has failed. */ 1274 duplicate++; 1275 } 1276 1277 if (duplicate) { 1278 /* (*dp) will be freed in nd6_dad_duplicated() */ 1279 dp = NULL; 1280 nd6_dad_duplicated(ifa); 1281 } else { 1282 /* 1283 * We are done with DAD. No NA came, no NS came. 1284 * No duplicate address found. 1285 */ 1286 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1287 nd6_newaddrmsg(ifa); 1288 1289 nd6log((LOG_DEBUG, 1290 "%s: DAD complete for %s - no duplicates found\n", 1291 if_name(ifa->ifa_ifp), 1292 ip6_sprintf(&ia->ia_addr.sin6_addr))); 1293 1294 TAILQ_REMOVE(&dadq, dp, dad_list); 1295 free(dp, M_IP6NDP); 1296 dp = NULL; 1297 IFAFREE(ifa); 1298 } 1299 } 1300 1301 done: 1302 KERNEL_UNLOCK_ONE(NULL); 1303 mutex_exit(softnet_lock); 1304 } 1305 1306 void 1307 nd6_dad_duplicated(struct ifaddr *ifa) 1308 { 1309 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1310 struct ifnet *ifp; 1311 struct dadq *dp; 1312 1313 dp = nd6_dad_find(ifa); 1314 if (dp == NULL) { 1315 log(LOG_ERR, "nd6_dad_duplicated: DAD structure not found\n"); 1316 return; 1317 } 1318 1319 ifp = ifa->ifa_ifp; 1320 log(LOG_ERR, "%s: DAD detected duplicate IPv6 address %s: " 1321 "NS in/out=%d/%d, NA in=%d\n", 1322 if_name(ifp), ip6_sprintf(&ia->ia_addr.sin6_addr), 1323 dp->dad_ns_icount, dp->dad_ns_ocount, dp->dad_na_icount); 1324 1325 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1326 ia->ia6_flags |= IN6_IFF_DUPLICATED; 1327 1328 /* We are done with DAD, with duplicated address found. (failure) */ 1329 nd6_dad_stoptimer(dp); 1330 1331 log(LOG_ERR, "%s: DAD complete for %s - duplicate found\n", 1332 if_name(ifp), ip6_sprintf(&ia->ia_addr.sin6_addr)); 1333 log(LOG_ERR, "%s: manual intervention required\n", 1334 if_name(ifp)); 1335 1336 /* Inform the routing socket that DAD has completed */ 1337 nd6_newaddrmsg(ifa); 1338 1339 /* 1340 * If the address is a link-local address formed from an interface 1341 * identifier based on the hardware address which is supposed to be 1342 * uniquely assigned (e.g., EUI-64 for an Ethernet interface), IP 1343 * operation on the interface SHOULD be disabled. 1344 * [rfc2462bis-03 Section 5.4.5] 1345 */ 1346 if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) { 1347 struct in6_addr in6; 1348 1349 /* 1350 * To avoid over-reaction, we only apply this logic when we are 1351 * very sure that hardware addresses are supposed to be unique. 1352 */ 1353 switch (ifp->if_type) { 1354 case IFT_ETHER: 1355 case IFT_FDDI: 1356 case IFT_ATM: 1357 case IFT_IEEE1394: 1358 #ifdef IFT_IEEE80211 1359 case IFT_IEEE80211: 1360 #endif 1361 in6 = ia->ia_addr.sin6_addr; 1362 if (in6_get_hw_ifid(ifp, &in6) == 0 && 1363 IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, &in6)) { 1364 ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED; 1365 log(LOG_ERR, "%s: possible hardware address " 1366 "duplication detected, disable IPv6\n", 1367 if_name(ifp)); 1368 } 1369 break; 1370 } 1371 } 1372 1373 TAILQ_REMOVE(&dadq, dp, dad_list); 1374 free(dp, M_IP6NDP); 1375 dp = NULL; 1376 IFAFREE(ifa); 1377 } 1378 1379 static void 1380 nd6_dad_ns_output(struct dadq *dp, struct ifaddr *ifa) 1381 { 1382 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1383 struct ifnet *ifp = ifa->ifa_ifp; 1384 1385 dp->dad_ns_tcount++; 1386 if ((ifp->if_flags & IFF_UP) == 0) { 1387 #if 0 1388 printf("%s: interface down?\n", if_name(ifp)); 1389 #endif 1390 return; 1391 } 1392 if ((ifp->if_flags & IFF_RUNNING) == 0) { 1393 #if 0 1394 printf("%s: interface not running?\n", if_name(ifp)); 1395 #endif 1396 return; 1397 } 1398 1399 dp->dad_ns_tcount = 0; 1400 dp->dad_ns_ocount++; 1401 nd6_ns_output(ifp, NULL, &ia->ia_addr.sin6_addr, NULL, 1); 1402 } 1403 1404 static void 1405 nd6_dad_ns_input(struct ifaddr *ifa) 1406 { 1407 struct in6_ifaddr *ia; 1408 const struct in6_addr *taddr6; 1409 struct dadq *dp; 1410 int duplicate; 1411 1412 if (ifa == NULL) 1413 panic("ifa == NULL in nd6_dad_ns_input"); 1414 1415 ia = (struct in6_ifaddr *)ifa; 1416 taddr6 = &ia->ia_addr.sin6_addr; 1417 duplicate = 0; 1418 dp = nd6_dad_find(ifa); 1419 1420 /* Quickhack - completely ignore DAD NS packets */ 1421 if (dad_ignore_ns) { 1422 nd6log((LOG_INFO, 1423 "nd6_dad_ns_input: ignoring DAD NS packet for " 1424 "address %s(%s)\n", ip6_sprintf(taddr6), 1425 if_name(ifa->ifa_ifp))); 1426 return; 1427 } 1428 1429 /* 1430 * if I'm yet to start DAD, someone else started using this address 1431 * first. I have a duplicate and you win. 1432 */ 1433 if (dp == NULL || dp->dad_ns_ocount == 0) 1434 duplicate++; 1435 1436 /* XXX more checks for loopback situation - see nd6_dad_timer too */ 1437 1438 if (duplicate) { 1439 dp = NULL; /* will be freed in nd6_dad_duplicated() */ 1440 nd6_dad_duplicated(ifa); 1441 } else { 1442 /* 1443 * not sure if I got a duplicate. 1444 * increment ns count and see what happens. 1445 */ 1446 if (dp) 1447 dp->dad_ns_icount++; 1448 } 1449 } 1450 1451 static void 1452 nd6_dad_na_input(struct ifaddr *ifa) 1453 { 1454 struct dadq *dp; 1455 1456 if (ifa == NULL) 1457 panic("ifa == NULL in nd6_dad_na_input"); 1458 1459 dp = nd6_dad_find(ifa); 1460 if (dp) 1461 dp->dad_na_icount++; 1462 1463 /* remove the address. */ 1464 nd6_dad_duplicated(ifa); 1465 } 1466