1 /* $OpenBSD: nd6.c,v 1.233 2020/06/24 22:03:44 cheloha Exp $ */ 2 /* $KAME: nd6.c,v 1.280 2002/06/08 19:52:07 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include <sys/param.h> 34 #include <sys/systm.h> 35 #include <sys/timeout.h> 36 #include <sys/malloc.h> 37 #include <sys/mbuf.h> 38 #include <sys/socket.h> 39 #include <sys/sockio.h> 40 #include <sys/time.h> 41 #include <sys/kernel.h> 42 #include <sys/pool.h> 43 #include <sys/protosw.h> 44 #include <sys/errno.h> 45 #include <sys/ioctl.h> 46 #include <sys/syslog.h> 47 #include <sys/queue.h> 48 #include <sys/stdint.h> 49 #include <sys/task.h> 50 51 #include <net/if.h> 52 #include <net/if_dl.h> 53 #include <net/if_types.h> 54 #include <net/route.h> 55 56 #include <netinet/in.h> 57 #include <netinet/if_ether.h> 58 #include <netinet/ip_ipsp.h> 59 60 #include <netinet6/in6_var.h> 61 #include <netinet/ip6.h> 62 #include <netinet6/ip6_var.h> 63 #include <netinet6/nd6.h> 64 #include <netinet/icmp6.h> 65 66 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 67 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 68 69 /* timer values */ 70 int nd6_timer_next = -1; /* at which uptime nd6_timer runs */ 71 time_t nd6_expire_next = -1; /* at which uptime nd6_expire runs */ 72 int nd6_delay = 5; /* delay first probe time 5 second */ 73 int nd6_umaxtries = 3; /* maximum unicast query */ 74 int nd6_mmaxtries = 3; /* maximum multicast query */ 75 int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */ 76 77 /* preventing too many loops in ND option parsing */ 78 int nd6_maxndopt = 10; /* max # of ND options allowed */ 79 80 int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */ 81 82 #ifdef ND6_DEBUG 83 int nd6_debug = 1; 84 #else 85 int nd6_debug = 0; 86 #endif 87 88 TAILQ_HEAD(llinfo_nd6_head, llinfo_nd6) nd6_list; 89 struct pool nd6_pool; /* pool for llinfo_nd6 structures */ 90 int nd6_inuse, nd6_allocated; 91 92 int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL; 93 94 void nd6_timer(void *); 95 void nd6_slowtimo(void *); 96 void nd6_expire(void *); 97 void nd6_expire_timer(void *); 98 void nd6_invalidate(struct rtentry *); 99 void nd6_free(struct rtentry *); 100 int nd6_llinfo_timer(struct rtentry *); 101 102 struct timeout nd6_timer_to; 103 struct timeout nd6_slowtimo_ch; 104 struct timeout nd6_expire_timeout; 105 struct task nd6_expire_task; 106 107 void 108 nd6_init(void) 109 { 110 static int nd6_init_done = 0; 111 112 if (nd6_init_done) { 113 log(LOG_NOTICE, "%s called more than once\n", __func__); 114 return; 115 } 116 117 TAILQ_INIT(&nd6_list); 118 pool_init(&nd6_pool, sizeof(struct llinfo_nd6), 0, 119 IPL_SOFTNET, 0, "nd6", NULL); 120 121 task_set(&nd6_expire_task, nd6_expire, NULL); 122 123 nd6_init_done = 1; 124 125 /* start timer */ 126 timeout_set_proc(&nd6_timer_to, nd6_timer, &nd6_timer_to); 127 timeout_set_proc(&nd6_slowtimo_ch, nd6_slowtimo, NULL); 128 timeout_add_sec(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL); 129 timeout_set(&nd6_expire_timeout, nd6_expire_timer, NULL); 130 } 131 132 struct nd_ifinfo * 133 nd6_ifattach(struct ifnet *ifp) 134 { 135 struct nd_ifinfo *nd; 136 137 nd = malloc(sizeof(*nd), M_IP6NDP, M_WAITOK | M_ZERO); 138 139 nd->initialized = 1; 140 141 nd->basereachable = REACHABLE_TIME; 142 nd->reachable = ND_COMPUTE_RTIME(nd->basereachable); 143 nd->retrans = RETRANS_TIMER; 144 /* per-interface IFXF_AUTOCONF6 needs to be set too to accept RAs */ 145 146 return nd; 147 } 148 149 void 150 nd6_ifdetach(struct nd_ifinfo *nd) 151 { 152 153 free(nd, M_IP6NDP, sizeof(*nd)); 154 } 155 156 void 157 nd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts) 158 { 159 bzero(ndopts, sizeof(*ndopts)); 160 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 161 ndopts->nd_opts_last 162 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 163 164 if (icmp6len == 0) { 165 ndopts->nd_opts_done = 1; 166 ndopts->nd_opts_search = NULL; 167 } 168 } 169 170 /* 171 * Take one ND option. 172 */ 173 struct nd_opt_hdr * 174 nd6_option(union nd_opts *ndopts) 175 { 176 struct nd_opt_hdr *nd_opt; 177 int olen; 178 179 if (!ndopts) 180 panic("%s: ndopts == NULL", __func__); 181 if (!ndopts->nd_opts_last) 182 panic("%s: uninitialized ndopts", __func__); 183 if (!ndopts->nd_opts_search) 184 return NULL; 185 if (ndopts->nd_opts_done) 186 return NULL; 187 188 nd_opt = ndopts->nd_opts_search; 189 190 /* make sure nd_opt_len is inside the buffer */ 191 if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)ndopts->nd_opts_last) { 192 bzero(ndopts, sizeof(*ndopts)); 193 return NULL; 194 } 195 196 olen = nd_opt->nd_opt_len << 3; 197 if (olen == 0) { 198 /* 199 * Message validation requires that all included 200 * options have a length that is greater than zero. 201 */ 202 bzero(ndopts, sizeof(*ndopts)); 203 return NULL; 204 } 205 206 ndopts->nd_opts_search = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen); 207 if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 208 /* option overruns the end of buffer, invalid */ 209 bzero(ndopts, sizeof(*ndopts)); 210 return NULL; 211 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 212 /* reached the end of options chain */ 213 ndopts->nd_opts_done = 1; 214 ndopts->nd_opts_search = NULL; 215 } 216 return nd_opt; 217 } 218 219 /* 220 * Parse multiple ND options. 221 * This function is much easier to use, for ND routines that do not need 222 * multiple options of the same type. 223 */ 224 int 225 nd6_options(union nd_opts *ndopts) 226 { 227 struct nd_opt_hdr *nd_opt; 228 int i = 0; 229 230 if (!ndopts) 231 panic("%s: ndopts == NULL", __func__); 232 if (!ndopts->nd_opts_last) 233 panic("%s: uninitialized ndopts", __func__); 234 if (!ndopts->nd_opts_search) 235 return 0; 236 237 while (1) { 238 nd_opt = nd6_option(ndopts); 239 if (!nd_opt && !ndopts->nd_opts_last) { 240 /* 241 * Message validation requires that all included 242 * options have a length that is greater than zero. 243 */ 244 icmp6stat_inc(icp6s_nd_badopt); 245 bzero(ndopts, sizeof(*ndopts)); 246 return -1; 247 } 248 249 if (!nd_opt) 250 goto skip1; 251 252 switch (nd_opt->nd_opt_type) { 253 case ND_OPT_SOURCE_LINKADDR: 254 case ND_OPT_TARGET_LINKADDR: 255 case ND_OPT_MTU: 256 case ND_OPT_REDIRECTED_HEADER: 257 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 258 nd6log((LOG_INFO, 259 "duplicated ND6 option found (type=%d)\n", 260 nd_opt->nd_opt_type)); 261 /* XXX bark? */ 262 } else { 263 ndopts->nd_opt_array[nd_opt->nd_opt_type] 264 = nd_opt; 265 } 266 break; 267 case ND_OPT_PREFIX_INFORMATION: 268 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 269 ndopts->nd_opt_array[nd_opt->nd_opt_type] 270 = nd_opt; 271 } 272 ndopts->nd_opts_pi_end = 273 (struct nd_opt_prefix_info *)nd_opt; 274 break; 275 default: 276 /* 277 * Unknown options must be silently ignored, 278 * to accommodate future extension to the protocol. 279 */ 280 nd6log((LOG_DEBUG, 281 "nd6_options: unsupported option %d - " 282 "option ignored\n", nd_opt->nd_opt_type)); 283 } 284 285 skip1: 286 i++; 287 if (i > nd6_maxndopt) { 288 icmp6stat_inc(icp6s_nd_toomanyopt); 289 nd6log((LOG_INFO, "too many loop in nd opt\n")); 290 break; 291 } 292 293 if (ndopts->nd_opts_done) 294 break; 295 } 296 297 return 0; 298 } 299 300 /* 301 * ND6 timer routine to handle ND6 entries 302 */ 303 void 304 nd6_llinfo_settimer(struct llinfo_nd6 *ln, unsigned int secs) 305 { 306 time_t expire = getuptime() + secs; 307 308 NET_ASSERT_LOCKED(); 309 KASSERT(!ISSET(ln->ln_rt->rt_flags, RTF_LOCAL)); 310 311 ln->ln_rt->rt_expire = expire; 312 if (!timeout_pending(&nd6_timer_to) || expire < nd6_timer_next) { 313 nd6_timer_next = expire; 314 timeout_add_sec(&nd6_timer_to, secs); 315 } 316 } 317 318 void 319 nd6_timer(void *arg) 320 { 321 struct llinfo_nd6 *ln, *nln; 322 time_t expire = getuptime() + nd6_gctimer; 323 int secs; 324 325 NET_LOCK(); 326 TAILQ_FOREACH_SAFE(ln, &nd6_list, ln_list, nln) { 327 struct rtentry *rt = ln->ln_rt; 328 329 if (rt->rt_expire && rt->rt_expire <= getuptime()) 330 if (nd6_llinfo_timer(rt)) 331 continue; 332 333 if (rt->rt_expire && rt->rt_expire < expire) 334 expire = rt->rt_expire; 335 } 336 337 secs = expire - getuptime(); 338 if (secs < 0) 339 secs = 0; 340 if (!TAILQ_EMPTY(&nd6_list)) { 341 nd6_timer_next = getuptime() + secs; 342 timeout_add_sec(&nd6_timer_to, secs); 343 } 344 345 NET_UNLOCK(); 346 } 347 348 /* 349 * ND timer state handling. 350 * 351 * Returns 1 if `rt' should no longer be used, 0 otherwise. 352 */ 353 int 354 nd6_llinfo_timer(struct rtentry *rt) 355 { 356 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 357 struct sockaddr_in6 *dst = satosin6(rt_key(rt)); 358 struct ifnet *ifp; 359 struct nd_ifinfo *ndi = NULL; 360 361 NET_ASSERT_LOCKED(); 362 363 if ((ifp = if_get(rt->rt_ifidx)) == NULL) 364 return 1; 365 366 ndi = ND_IFINFO(ifp); 367 368 switch (ln->ln_state) { 369 case ND6_LLINFO_INCOMPLETE: 370 if (ln->ln_asked < nd6_mmaxtries) { 371 ln->ln_asked++; 372 nd6_llinfo_settimer(ln, ndi->retrans / 1000); 373 nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0); 374 } else { 375 struct mbuf *m = ln->ln_hold; 376 if (m) { 377 ln->ln_hold = NULL; 378 /* 379 * Fake rcvif to make the ICMP error 380 * more helpful in diagnosing for the 381 * receiver. 382 * XXX: should we consider 383 * older rcvif? 384 */ 385 m->m_pkthdr.ph_ifidx = rt->rt_ifidx; 386 387 icmp6_error(m, ICMP6_DST_UNREACH, 388 ICMP6_DST_UNREACH_ADDR, 0); 389 if (ln->ln_hold == m) { 390 /* m is back in ln_hold. Discard. */ 391 m_freem(ln->ln_hold); 392 ln->ln_hold = NULL; 393 } 394 } 395 nd6_free(rt); 396 ln = NULL; 397 } 398 break; 399 case ND6_LLINFO_REACHABLE: 400 if (!ND6_LLINFO_PERMANENT(ln)) { 401 ln->ln_state = ND6_LLINFO_STALE; 402 nd6_llinfo_settimer(ln, nd6_gctimer); 403 } 404 break; 405 406 case ND6_LLINFO_STALE: 407 case ND6_LLINFO_PURGE: 408 /* Garbage Collection(RFC 2461 5.3) */ 409 if (!ND6_LLINFO_PERMANENT(ln)) { 410 nd6_free(rt); 411 ln = NULL; 412 } 413 break; 414 415 case ND6_LLINFO_DELAY: 416 if (ndi) { 417 /* We need NUD */ 418 ln->ln_asked = 1; 419 ln->ln_state = ND6_LLINFO_PROBE; 420 nd6_llinfo_settimer(ln, ndi->retrans / 1000); 421 nd6_ns_output(ifp, &dst->sin6_addr, 422 &dst->sin6_addr, ln, 0); 423 } 424 break; 425 case ND6_LLINFO_PROBE: 426 if (ln->ln_asked < nd6_umaxtries) { 427 ln->ln_asked++; 428 nd6_llinfo_settimer(ln, ndi->retrans / 1000); 429 nd6_ns_output(ifp, &dst->sin6_addr, 430 &dst->sin6_addr, ln, 0); 431 } else { 432 nd6_free(rt); 433 ln = NULL; 434 } 435 break; 436 } 437 438 if_put(ifp); 439 440 return (ln == NULL); 441 } 442 443 void 444 nd6_expire_timer_update(struct in6_ifaddr *ia6) 445 { 446 time_t expire_time = INT64_MAX; 447 int secs; 448 449 KERNEL_ASSERT_LOCKED(); 450 451 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) 452 expire_time = ia6->ia6_lifetime.ia6t_expire; 453 454 if (!(ia6->ia6_flags & IN6_IFF_DEPRECATED) && 455 ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME && 456 expire_time > ia6->ia6_lifetime.ia6t_preferred) 457 expire_time = ia6->ia6_lifetime.ia6t_preferred; 458 459 if (expire_time == INT64_MAX) 460 return; 461 462 /* 463 * IFA6_IS_INVALID() and IFA6_IS_DEPRECATED() check for uptime 464 * greater than ia6t_expire or ia6t_preferred, not greater or equal. 465 * Schedule timeout one second later so that either IFA6_IS_INVALID() 466 * or IFA6_IS_DEPRECATED() is true. 467 */ 468 expire_time++; 469 470 if (!timeout_pending(&nd6_expire_timeout) || 471 nd6_expire_next > expire_time) { 472 secs = expire_time - getuptime(); 473 if (secs < 0) 474 secs = 0; 475 476 timeout_add_sec(&nd6_expire_timeout, secs); 477 nd6_expire_next = expire_time; 478 } 479 } 480 481 /* 482 * Expire interface addresses. 483 */ 484 void 485 nd6_expire(void *unused) 486 { 487 struct ifnet *ifp; 488 489 KERNEL_LOCK(); 490 NET_LOCK(); 491 492 TAILQ_FOREACH(ifp, &ifnet, if_list) { 493 struct ifaddr *ifa, *nifa; 494 struct in6_ifaddr *ia6; 495 496 TAILQ_FOREACH_SAFE(ifa, &ifp->if_addrlist, ifa_list, nifa) { 497 if (ifa->ifa_addr->sa_family != AF_INET6) 498 continue; 499 ia6 = ifatoia6(ifa); 500 /* check address lifetime */ 501 if (IFA6_IS_INVALID(ia6)) { 502 in6_purgeaddr(&ia6->ia_ifa); 503 } else { 504 if (IFA6_IS_DEPRECATED(ia6)) 505 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 506 nd6_expire_timer_update(ia6); 507 } 508 } 509 } 510 511 NET_UNLOCK(); 512 KERNEL_UNLOCK(); 513 } 514 515 void 516 nd6_expire_timer(void *unused) 517 { 518 task_add(net_tq(0), &nd6_expire_task); 519 } 520 521 /* 522 * Nuke neighbor cache/prefix/default router management table, right before 523 * ifp goes away. 524 */ 525 void 526 nd6_purge(struct ifnet *ifp) 527 { 528 struct llinfo_nd6 *ln, *nln; 529 530 NET_ASSERT_LOCKED(); 531 532 /* 533 * Nuke neighbor cache entries for the ifp. 534 */ 535 TAILQ_FOREACH_SAFE(ln, &nd6_list, ln_list, nln) { 536 struct rtentry *rt; 537 struct sockaddr_dl *sdl; 538 539 rt = ln->ln_rt; 540 if (rt != NULL && rt->rt_gateway != NULL && 541 rt->rt_gateway->sa_family == AF_LINK) { 542 sdl = satosdl(rt->rt_gateway); 543 if (sdl->sdl_index == ifp->if_index) 544 nd6_free(rt); 545 } 546 } 547 } 548 549 struct rtentry * 550 nd6_lookup(struct in6_addr *addr6, int create, struct ifnet *ifp, 551 u_int rtableid) 552 { 553 struct rtentry *rt; 554 struct sockaddr_in6 sin6; 555 int flags; 556 557 bzero(&sin6, sizeof(sin6)); 558 sin6.sin6_len = sizeof(struct sockaddr_in6); 559 sin6.sin6_family = AF_INET6; 560 sin6.sin6_addr = *addr6; 561 flags = (create) ? RT_RESOLVE : 0; 562 563 rt = rtalloc(sin6tosa(&sin6), flags, rtableid); 564 if (rt != NULL && (rt->rt_flags & RTF_LLINFO) == 0) { 565 /* 566 * This is the case for the default route. 567 * If we want to create a neighbor cache for the address, we 568 * should free the route for the destination and allocate an 569 * interface route. 570 */ 571 if (create) { 572 rtfree(rt); 573 rt = NULL; 574 } 575 } 576 if (rt == NULL) { 577 if (create && ifp) { 578 struct rt_addrinfo info; 579 struct ifaddr *ifa; 580 int error; 581 582 /* 583 * If no route is available and create is set, 584 * we allocate a host route for the destination 585 * and treat it like an interface route. 586 * This hack is necessary for a neighbor which can't 587 * be covered by our own prefix. 588 */ 589 ifa = ifaof_ifpforaddr(sin6tosa(&sin6), ifp); 590 if (ifa == NULL) 591 return (NULL); 592 593 /* 594 * Create a new route. RTF_LLINFO is necessary 595 * to create a Neighbor Cache entry for the 596 * destination in nd6_rtrequest which will be 597 * called in rtrequest. 598 */ 599 bzero(&info, sizeof(info)); 600 info.rti_ifa = ifa; 601 info.rti_flags = RTF_HOST | RTF_LLINFO; 602 info.rti_info[RTAX_DST] = sin6tosa(&sin6); 603 info.rti_info[RTAX_GATEWAY] = sdltosa(ifp->if_sadl); 604 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, &rt, 605 rtableid); 606 if (error) 607 return (NULL); 608 if (rt->rt_llinfo != NULL) { 609 struct llinfo_nd6 *ln = 610 (struct llinfo_nd6 *)rt->rt_llinfo; 611 ln->ln_state = ND6_LLINFO_NOSTATE; 612 } 613 } else 614 return (NULL); 615 } 616 /* 617 * Validation for the entry. 618 * Note that the check for rt_llinfo is necessary because a cloned 619 * route from a parent route that has the L flag (e.g. the default 620 * route to a p2p interface) may have the flag, too, while the 621 * destination is not actually a neighbor. 622 */ 623 if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 || 624 rt->rt_gateway->sa_family != AF_LINK || rt->rt_llinfo == NULL || 625 (ifp != NULL && rt->rt_ifidx != ifp->if_index)) { 626 if (create) { 627 char addr[INET6_ADDRSTRLEN]; 628 nd6log((LOG_DEBUG, "%s: failed to lookup %s (if=%s)\n", 629 __func__, 630 inet_ntop(AF_INET6, addr6, addr, sizeof(addr)), 631 ifp ? ifp->if_xname : "unspec")); 632 } 633 rtfree(rt); 634 return (NULL); 635 } 636 return (rt); 637 } 638 639 /* 640 * Detect if a given IPv6 address identifies a neighbor on a given link. 641 * XXX: should take care of the destination of a p2p link? 642 */ 643 int 644 nd6_is_addr_neighbor(struct sockaddr_in6 *addr, struct ifnet *ifp) 645 { 646 struct in6_ifaddr *ia6; 647 struct ifaddr *ifa; 648 struct rtentry *rt; 649 650 /* 651 * A link-local address is always a neighbor. 652 * XXX: we should use the sin6_scope_id field rather than the embedded 653 * interface index. 654 * XXX: a link does not necessarily specify a single interface. 655 */ 656 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr) && 657 ntohs(*(u_int16_t *)&addr->sin6_addr.s6_addr[2]) == ifp->if_index) 658 return (1); 659 660 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 661 if (ifa->ifa_addr->sa_family != AF_INET6) 662 continue; 663 664 ia6 = ifatoia6(ifa); 665 666 /* Prefix check down below. */ 667 if (ia6->ia6_flags & IN6_IFF_AUTOCONF) 668 continue; 669 670 if (IN6_ARE_MASKED_ADDR_EQUAL(&addr->sin6_addr, 671 &ia6->ia_addr.sin6_addr, 672 &ia6->ia_prefixmask.sin6_addr)) 673 return (1); 674 } 675 676 /* 677 * Even if the address matches none of our addresses, it might be 678 * in the neighbor cache. 679 */ 680 rt = nd6_lookup(&addr->sin6_addr, 0, ifp, ifp->if_rdomain); 681 if (rt != NULL) { 682 rtfree(rt); 683 return (1); 684 } 685 686 return (0); 687 } 688 689 void 690 nd6_invalidate(struct rtentry *rt) 691 { 692 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 693 694 m_freem(ln->ln_hold); 695 ln->ln_hold = NULL; 696 ln->ln_state = ND6_LLINFO_INCOMPLETE; 697 ln->ln_asked = 0; 698 } 699 700 /* 701 * Free an nd6 llinfo entry. 702 * Since the function would cause significant changes in the kernel, DO NOT 703 * make it global, unless you have a strong reason for the change, and are sure 704 * that the change is safe. 705 */ 706 void 707 nd6_free(struct rtentry *rt) 708 { 709 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 710 struct in6_addr in6 = satosin6(rt_key(rt))->sin6_addr; 711 struct ifnet *ifp; 712 713 NET_ASSERT_LOCKED(); 714 715 ifp = if_get(rt->rt_ifidx); 716 717 if (!ip6_forwarding) { 718 if (ln->ln_router) { 719 /* 720 * rt6_flush must be called whether or not the neighbor 721 * is in the Default Router List. 722 * See a corresponding comment in nd6_na_input(). 723 */ 724 rt6_flush(&in6, ifp); 725 } 726 } 727 728 KASSERT(!ISSET(rt->rt_flags, RTF_LOCAL)); 729 nd6_invalidate(rt); 730 731 /* 732 * Detach the route from the routing tree and the list of neighbor 733 * caches, and disable the route entry not to be used in already 734 * cached routes. 735 */ 736 if (!ISSET(rt->rt_flags, RTF_STATIC|RTF_CACHED)) 737 rtdeletemsg(rt, ifp, ifp->if_rdomain); 738 739 if_put(ifp); 740 } 741 742 /* 743 * Upper-layer reachability hint for Neighbor Unreachability Detection. 744 * 745 * XXX cost-effective methods? 746 */ 747 void 748 nd6_nud_hint(struct rtentry *rt) 749 { 750 struct llinfo_nd6 *ln; 751 struct ifnet *ifp; 752 753 ifp = if_get(rt->rt_ifidx); 754 if (ifp == NULL) 755 return; 756 757 if ((rt->rt_flags & RTF_GATEWAY) != 0 || 758 (rt->rt_flags & RTF_LLINFO) == 0 || 759 rt->rt_llinfo == NULL || rt->rt_gateway == NULL || 760 rt->rt_gateway->sa_family != AF_LINK) { 761 /* This is not a host route. */ 762 goto out; 763 } 764 765 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 766 if (ln->ln_state < ND6_LLINFO_REACHABLE) 767 goto out; 768 769 /* 770 * if we get upper-layer reachability confirmation many times, 771 * it is possible we have false information. 772 */ 773 ln->ln_byhint++; 774 if (ln->ln_byhint > nd6_maxnudhint) 775 goto out; 776 777 ln->ln_state = ND6_LLINFO_REACHABLE; 778 if (!ND6_LLINFO_PERMANENT(ln)) 779 nd6_llinfo_settimer(ln, ND_IFINFO(ifp)->reachable); 780 out: 781 if_put(ifp); 782 } 783 784 void 785 nd6_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt) 786 { 787 struct sockaddr *gate = rt->rt_gateway; 788 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 789 struct ifaddr *ifa; 790 791 if (ISSET(rt->rt_flags, RTF_GATEWAY|RTF_MULTICAST|RTF_MPLS)) 792 return; 793 794 if (nd6_need_cache(ifp) == 0 && (rt->rt_flags & RTF_HOST) == 0) { 795 /* 796 * This is probably an interface direct route for a link 797 * which does not need neighbor caches (e.g. fe80::%lo0/64). 798 * We do not need special treatment below for such a route. 799 * Moreover, the RTF_LLINFO flag which would be set below 800 * would annoy the ndp(8) command. 801 */ 802 return; 803 } 804 805 if (req == RTM_RESOLVE && nd6_need_cache(ifp) == 0) { 806 /* 807 * For routing daemons like ospf6d we allow neighbor discovery 808 * based on the cloning route only. This allows us to sent 809 * packets directly into a network without having an address 810 * with matching prefix on the interface. If the cloning 811 * route is used for an stf interface, we would mistakenly 812 * make a neighbor cache for the host route, and would see 813 * strange neighbor solicitation for the corresponding 814 * destination. In order to avoid confusion, we check if the 815 * interface is suitable for neighbor discovery, and stop the 816 * process if not. Additionally, we remove the LLINFO flag 817 * so that ndp(8) will not try to get the neighbor information 818 * of the destination. 819 */ 820 rt->rt_flags &= ~RTF_LLINFO; 821 return; 822 } 823 824 switch (req) { 825 case RTM_ADD: 826 if ((rt->rt_flags & RTF_CLONING) || 827 ((rt->rt_flags & (RTF_LLINFO | RTF_LOCAL)) && ln == NULL)) { 828 if (ln != NULL) 829 nd6_llinfo_settimer(ln, 0); 830 if ((rt->rt_flags & RTF_CLONING) != 0) 831 break; 832 } 833 /* 834 * In IPv4 code, we try to announce new RTF_ANNOUNCE entry here. 835 * We don't do that here since llinfo is not ready yet. 836 * 837 * There are also couple of other things to be discussed: 838 * - unsolicited NA code needs improvement beforehand 839 * - RFC2461 says we MAY send multicast unsolicited NA 840 * (7.2.6 paragraph 4), however, it also says that we 841 * SHOULD provide a mechanism to prevent multicast NA storm. 842 * we don't have anything like it right now. 843 * note that the mechanism needs a mutual agreement 844 * between proxies, which means that we need to implement 845 * a new protocol, or a new kludge. 846 * - from RFC2461 6.2.4, host MUST NOT send an unsolicited NA. 847 * we need to check ip6forwarding before sending it. 848 * (or should we allow proxy ND configuration only for 849 * routers? there's no mention about proxy ND from hosts) 850 */ 851 #if 0 852 /* XXX it does not work */ 853 if (rt->rt_flags & RTF_ANNOUNCE) 854 nd6_na_output(ifp, 855 &satosin6(rt_key(rt))->sin6_addr, 856 &satosin6(rt_key(rt))->sin6_addr, 857 ip6_forwarding ? ND_NA_FLAG_ROUTER : 0, 858 1, NULL); 859 #endif 860 /* FALLTHROUGH */ 861 case RTM_RESOLVE: 862 if (gate->sa_family != AF_LINK || 863 gate->sa_len < sizeof(struct sockaddr_dl)) { 864 log(LOG_DEBUG, "%s: bad gateway value: %s\n", 865 __func__, ifp->if_xname); 866 break; 867 } 868 satosdl(gate)->sdl_type = ifp->if_type; 869 satosdl(gate)->sdl_index = ifp->if_index; 870 if (ln != NULL) 871 break; /* This happens on a route change */ 872 /* 873 * Case 2: This route may come from cloning, or a manual route 874 * add with a LL address. 875 */ 876 ln = pool_get(&nd6_pool, PR_NOWAIT | PR_ZERO); 877 rt->rt_llinfo = (caddr_t)ln; 878 if (ln == NULL) { 879 log(LOG_DEBUG, "%s: pool get failed\n", __func__); 880 break; 881 } 882 nd6_inuse++; 883 nd6_allocated++; 884 ln->ln_rt = rt; 885 /* this is required for "ndp" command. - shin */ 886 if (req == RTM_ADD) { 887 /* 888 * gate should have some valid AF_LINK entry, 889 * and ln expire should have some lifetime 890 * which is specified by ndp command. 891 */ 892 ln->ln_state = ND6_LLINFO_REACHABLE; 893 ln->ln_byhint = 0; 894 } else { 895 /* 896 * When req == RTM_RESOLVE, rt is created and 897 * initialized in rtrequest(), so rt_expire is 0. 898 */ 899 ln->ln_state = ND6_LLINFO_NOSTATE; 900 nd6_llinfo_settimer(ln, 0); 901 } 902 rt->rt_flags |= RTF_LLINFO; 903 TAILQ_INSERT_HEAD(&nd6_list, ln, ln_list); 904 905 /* 906 * If we have too many cache entries, initiate immediate 907 * purging for some "less recently used" entries. Note that 908 * we cannot directly call nd6_free() here because it would 909 * cause re-entering rtable related routines triggering an LOR 910 * problem for FreeBSD. 911 */ 912 if (ip6_neighborgcthresh >= 0 && 913 nd6_inuse >= ip6_neighborgcthresh) { 914 int i; 915 916 for (i = 0; i < 10; i++) { 917 struct llinfo_nd6 *ln_end; 918 919 ln_end = TAILQ_LAST(&nd6_list, llinfo_nd6_head); 920 if (ln_end == ln) 921 break; 922 923 /* Move this entry to the head */ 924 TAILQ_REMOVE(&nd6_list, ln_end, ln_list); 925 TAILQ_INSERT_HEAD(&nd6_list, ln_end, ln_list); 926 927 if (ND6_LLINFO_PERMANENT(ln_end)) 928 continue; 929 930 if (ln_end->ln_state > ND6_LLINFO_INCOMPLETE) 931 ln_end->ln_state = ND6_LLINFO_STALE; 932 else 933 ln_end->ln_state = ND6_LLINFO_PURGE; 934 nd6_llinfo_settimer(ln_end, 0); 935 } 936 } 937 938 /* 939 * check if rt_key(rt) is one of my address assigned 940 * to the interface. 941 */ 942 ifa = &in6ifa_ifpwithaddr(ifp, 943 &satosin6(rt_key(rt))->sin6_addr)->ia_ifa; 944 if (ifa) { 945 ln->ln_state = ND6_LLINFO_REACHABLE; 946 ln->ln_byhint = 0; 947 rt->rt_expire = 0; 948 KASSERT(ifa == rt->rt_ifa); 949 } else if (rt->rt_flags & RTF_ANNOUNCE) { 950 ln->ln_state = ND6_LLINFO_REACHABLE; 951 ln->ln_byhint = 0; 952 rt->rt_expire = 0; 953 954 /* join solicited node multicast for proxy ND */ 955 if (ifp->if_flags & IFF_MULTICAST) { 956 struct in6_addr llsol; 957 int error; 958 959 llsol = satosin6(rt_key(rt))->sin6_addr; 960 llsol.s6_addr16[0] = htons(0xff02); 961 llsol.s6_addr16[1] = htons(ifp->if_index); 962 llsol.s6_addr32[1] = 0; 963 llsol.s6_addr32[2] = htonl(1); 964 llsol.s6_addr8[12] = 0xff; 965 966 if (in6_addmulti(&llsol, ifp, &error)) { 967 char addr[INET6_ADDRSTRLEN]; 968 nd6log((LOG_ERR, "%s: failed to join " 969 "%s (errno=%d)\n", ifp->if_xname, 970 inet_ntop(AF_INET6, &llsol, 971 addr, sizeof(addr)), 972 error)); 973 } 974 } 975 } 976 break; 977 978 case RTM_DELETE: 979 if (ln == NULL) 980 break; 981 /* leave from solicited node multicast for proxy ND */ 982 if ((rt->rt_flags & RTF_ANNOUNCE) != 0 && 983 (ifp->if_flags & IFF_MULTICAST) != 0) { 984 struct in6_addr llsol; 985 struct in6_multi *in6m; 986 987 llsol = satosin6(rt_key(rt))->sin6_addr; 988 llsol.s6_addr16[0] = htons(0xff02); 989 llsol.s6_addr16[1] = htons(ifp->if_index); 990 llsol.s6_addr32[1] = 0; 991 llsol.s6_addr32[2] = htonl(1); 992 llsol.s6_addr8[12] = 0xff; 993 994 IN6_LOOKUP_MULTI(llsol, ifp, in6m); 995 if (in6m) 996 in6_delmulti(in6m); 997 } 998 nd6_inuse--; 999 TAILQ_REMOVE(&nd6_list, ln, ln_list); 1000 rt->rt_expire = 0; 1001 rt->rt_llinfo = NULL; 1002 rt->rt_flags &= ~RTF_LLINFO; 1003 m_freem(ln->ln_hold); 1004 pool_put(&nd6_pool, ln); 1005 break; 1006 1007 case RTM_INVALIDATE: 1008 if (ln == NULL) 1009 break; 1010 if (!ISSET(rt->rt_flags, RTF_LOCAL)) 1011 nd6_invalidate(rt); 1012 break; 1013 } 1014 } 1015 1016 int 1017 nd6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp) 1018 { 1019 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1020 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1021 struct rtentry *rt; 1022 1023 switch (cmd) { 1024 case SIOCGIFINFO_IN6: 1025 NET_RLOCK_IN_IOCTL(); 1026 ndi->ndi = *ND_IFINFO(ifp); 1027 NET_RUNLOCK_IN_IOCTL(); 1028 return (0); 1029 case SIOCGNBRINFO_IN6: 1030 { 1031 struct llinfo_nd6 *ln; 1032 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1033 time_t expire; 1034 1035 NET_RLOCK_IN_IOCTL(); 1036 /* 1037 * XXX: KAME specific hack for scoped addresses 1038 * XXXX: for other scopes than link-local? 1039 */ 1040 if (IN6_IS_ADDR_LINKLOCAL(&nbi->addr) || 1041 IN6_IS_ADDR_MC_LINKLOCAL(&nbi->addr)) { 1042 u_int16_t *idp = (u_int16_t *)&nb_addr.s6_addr[2]; 1043 1044 if (*idp == 0) 1045 *idp = htons(ifp->if_index); 1046 } 1047 1048 rt = nd6_lookup(&nb_addr, 0, ifp, ifp->if_rdomain); 1049 if (rt == NULL || 1050 (ln = (struct llinfo_nd6 *)rt->rt_llinfo) == NULL) { 1051 rtfree(rt); 1052 NET_RUNLOCK_IN_IOCTL(); 1053 return (EINVAL); 1054 } 1055 expire = ln->ln_rt->rt_expire; 1056 if (expire != 0) { 1057 expire -= getuptime(); 1058 expire += gettime(); 1059 } 1060 1061 nbi->state = ln->ln_state; 1062 nbi->asked = ln->ln_asked; 1063 nbi->isrouter = ln->ln_router; 1064 nbi->expire = expire; 1065 1066 rtfree(rt); 1067 NET_RUNLOCK_IN_IOCTL(); 1068 return (0); 1069 } 1070 } 1071 return (0); 1072 } 1073 1074 /* 1075 * Create neighbor cache entry and cache link-layer address, 1076 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1077 * 1078 * type - ICMP6 type 1079 * code - type dependent information 1080 */ 1081 void 1082 nd6_cache_lladdr(struct ifnet *ifp, struct in6_addr *from, char *lladdr, 1083 int lladdrlen, int type, int code) 1084 { 1085 struct rtentry *rt = NULL; 1086 struct llinfo_nd6 *ln = NULL; 1087 int is_newentry; 1088 struct sockaddr_dl *sdl = NULL; 1089 int do_update; 1090 int olladdr; 1091 int llchange; 1092 int newstate = 0; 1093 1094 if (!ifp) 1095 panic("%s: ifp == NULL", __func__); 1096 if (!from) 1097 panic("%s: from == NULL", __func__); 1098 1099 /* nothing must be updated for unspecified address */ 1100 if (IN6_IS_ADDR_UNSPECIFIED(from)) 1101 return; 1102 1103 /* 1104 * Validation about ifp->if_addrlen and lladdrlen must be done in 1105 * the caller. 1106 * 1107 * XXX If the link does not have link-layer address, what should 1108 * we do? (ifp->if_addrlen == 0) 1109 * Spec says nothing in sections for RA, RS and NA. There's small 1110 * description on it in NS section (RFC 2461 7.2.3). 1111 */ 1112 1113 rt = nd6_lookup(from, 0, ifp, ifp->if_rdomain); 1114 if (rt == NULL) { 1115 rt = nd6_lookup(from, 1, ifp, ifp->if_rdomain); 1116 is_newentry = 1; 1117 } else { 1118 /* do not overwrite local or static entry */ 1119 if (ISSET(rt->rt_flags, RTF_STATIC|RTF_LOCAL)) { 1120 rtfree(rt); 1121 return; 1122 } 1123 is_newentry = 0; 1124 } 1125 1126 if (!rt) 1127 return; 1128 if ((rt->rt_flags & (RTF_GATEWAY | RTF_LLINFO)) != RTF_LLINFO) { 1129 fail: 1130 nd6_free(rt); 1131 rtfree(rt); 1132 return; 1133 } 1134 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1135 if (ln == NULL) 1136 goto fail; 1137 if (rt->rt_gateway == NULL) 1138 goto fail; 1139 if (rt->rt_gateway->sa_family != AF_LINK) 1140 goto fail; 1141 sdl = satosdl(rt->rt_gateway); 1142 1143 olladdr = (sdl->sdl_alen) ? 1 : 0; 1144 if (olladdr && lladdr) { 1145 if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen)) 1146 llchange = 1; 1147 else 1148 llchange = 0; 1149 } else 1150 llchange = 0; 1151 1152 /* 1153 * newentry olladdr lladdr llchange (*=record) 1154 * 0 n n -- (1) 1155 * 0 y n -- (2) 1156 * 0 n y -- (3) * STALE 1157 * 0 y y n (4) * 1158 * 0 y y y (5) * STALE 1159 * 1 -- n -- (6) NOSTATE(= PASSIVE) 1160 * 1 -- y -- (7) * STALE 1161 */ 1162 1163 if (llchange) { 1164 char addr[INET6_ADDRSTRLEN]; 1165 log(LOG_INFO, "ndp info overwritten for %s by %s on %s\n", 1166 inet_ntop(AF_INET6, from, addr, sizeof(addr)), 1167 ether_sprintf(lladdr), ifp->if_xname); 1168 } 1169 if (lladdr) { /* (3-5) and (7) */ 1170 /* 1171 * Record source link-layer address 1172 * XXX is it dependent to ifp->if_type? 1173 */ 1174 sdl->sdl_alen = ifp->if_addrlen; 1175 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 1176 } 1177 1178 if (!is_newentry) { 1179 if ((!olladdr && lladdr) || /* (3) */ 1180 (olladdr && lladdr && llchange)) { /* (5) */ 1181 do_update = 1; 1182 newstate = ND6_LLINFO_STALE; 1183 } else /* (1-2,4) */ 1184 do_update = 0; 1185 } else { 1186 do_update = 1; 1187 if (!lladdr) /* (6) */ 1188 newstate = ND6_LLINFO_NOSTATE; 1189 else /* (7) */ 1190 newstate = ND6_LLINFO_STALE; 1191 } 1192 1193 if (do_update) { 1194 /* 1195 * Update the state of the neighbor cache. 1196 */ 1197 ln->ln_state = newstate; 1198 1199 if (ln->ln_state == ND6_LLINFO_STALE) { 1200 /* 1201 * Since nd6_resolve() in ifp->if_output() will cause 1202 * state transition to DELAY and reset the timer, 1203 * we must set the timer now, although it is actually 1204 * meaningless. 1205 */ 1206 nd6_llinfo_settimer(ln, nd6_gctimer); 1207 1208 if (ln->ln_hold) { 1209 struct mbuf *n = ln->ln_hold; 1210 ln->ln_hold = NULL; 1211 /* 1212 * we assume ifp is not a p2p here, so just 1213 * set the 2nd argument as the 1st one. 1214 */ 1215 ifp->if_output(ifp, n, rt_key(rt), rt); 1216 if (ln->ln_hold == n) { 1217 /* n is back in ln_hold. Discard. */ 1218 m_freem(ln->ln_hold); 1219 ln->ln_hold = NULL; 1220 } 1221 } 1222 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 1223 /* probe right away */ 1224 nd6_llinfo_settimer(ln, 0); 1225 } 1226 } 1227 1228 /* 1229 * ICMP6 type dependent behavior. 1230 * 1231 * NS: clear IsRouter if new entry 1232 * RS: clear IsRouter 1233 * RA: set IsRouter if there's lladdr 1234 * redir: clear IsRouter if new entry 1235 * 1236 * RA case, (1): 1237 * The spec says that we must set IsRouter in the following cases: 1238 * - If lladdr exist, set IsRouter. This means (1-5). 1239 * - If it is old entry (!newentry), set IsRouter. This means (7). 1240 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1241 * A question arises for (1) case. (1) case has no lladdr in the 1242 * neighbor cache, this is similar to (6). 1243 * This case is rare but we figured that we MUST NOT set IsRouter. 1244 * 1245 * newentry olladdr lladdr llchange NS RS RA redir 1246 * D R 1247 * 0 n n -- (1) c ? s 1248 * 0 y n -- (2) c s s 1249 * 0 n y -- (3) c s s 1250 * 0 y y n (4) c s s 1251 * 0 y y y (5) c s s 1252 * 1 -- n -- (6) c c c s 1253 * 1 -- y -- (7) c c s c s 1254 * 1255 * (c=clear s=set) 1256 */ 1257 switch (type & 0xff) { 1258 case ND_NEIGHBOR_SOLICIT: 1259 /* 1260 * New entry must have is_router flag cleared. 1261 */ 1262 if (is_newentry) /* (6-7) */ 1263 ln->ln_router = 0; 1264 break; 1265 case ND_REDIRECT: 1266 /* 1267 * If the icmp is a redirect to a better router, always set the 1268 * is_router flag. Otherwise, if the entry is newly created, 1269 * clear the flag. [RFC 2461, sec 8.3] 1270 */ 1271 if (code == ND_REDIRECT_ROUTER) 1272 ln->ln_router = 1; 1273 else if (is_newentry) /* (6-7) */ 1274 ln->ln_router = 0; 1275 break; 1276 case ND_ROUTER_SOLICIT: 1277 /* 1278 * is_router flag must always be cleared. 1279 */ 1280 ln->ln_router = 0; 1281 break; 1282 case ND_ROUTER_ADVERT: 1283 /* 1284 * Mark an entry with lladdr as a router. 1285 */ 1286 if ((!is_newentry && (olladdr || lladdr)) || /* (2-5) */ 1287 (is_newentry && lladdr)) { /* (7) */ 1288 ln->ln_router = 1; 1289 } 1290 break; 1291 } 1292 1293 rtfree(rt); 1294 } 1295 1296 void 1297 nd6_slowtimo(void *ignored_arg) 1298 { 1299 struct nd_ifinfo *nd6if; 1300 struct ifnet *ifp; 1301 1302 NET_LOCK(); 1303 1304 timeout_add_sec(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL); 1305 1306 TAILQ_FOREACH(ifp, &ifnet, if_list) { 1307 nd6if = ND_IFINFO(ifp); 1308 if (nd6if->basereachable && /* already initialized */ 1309 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 1310 /* 1311 * Since reachable time rarely changes by router 1312 * advertisements, we SHOULD insure that a new random 1313 * value gets recomputed at least once every few hours. 1314 * (RFC 2461, 6.3.4) 1315 */ 1316 nd6if->recalctm = nd6_recalc_reachtm_interval; 1317 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable); 1318 } 1319 } 1320 NET_UNLOCK(); 1321 } 1322 1323 int 1324 nd6_resolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m, 1325 struct sockaddr *dst, u_char *desten) 1326 { 1327 struct sockaddr_dl *sdl; 1328 struct rtentry *rt; 1329 struct llinfo_nd6 *ln = NULL; 1330 1331 if (m->m_flags & M_MCAST) { 1332 ETHER_MAP_IPV6_MULTICAST(&satosin6(dst)->sin6_addr, desten); 1333 return (0); 1334 } 1335 1336 rt = rt_getll(rt0); 1337 1338 if (ISSET(rt->rt_flags, RTF_REJECT) && 1339 (rt->rt_expire == 0 || getuptime() < rt->rt_expire)) { 1340 m_freem(m); 1341 return (rt == rt0 ? EHOSTDOWN : EHOSTUNREACH); 1342 } 1343 1344 /* 1345 * Address resolution or Neighbor Unreachability Detection 1346 * for the next hop. 1347 * At this point, the destination of the packet must be a unicast 1348 * or an anycast address(i.e. not a multicast). 1349 */ 1350 if (!ISSET(rt->rt_flags, RTF_LLINFO)) { 1351 char addr[INET6_ADDRSTRLEN]; 1352 log(LOG_DEBUG, "%s: %s: route contains no ND information\n", 1353 __func__, inet_ntop(AF_INET6, 1354 &satosin6(rt_key(rt))->sin6_addr, addr, sizeof(addr))); 1355 m_freem(m); 1356 return (EINVAL); 1357 } 1358 1359 if (rt->rt_gateway->sa_family != AF_LINK) { 1360 printf("%s: something odd happens\n", __func__); 1361 m_freem(m); 1362 return (EINVAL); 1363 } 1364 1365 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1366 KASSERT(ln != NULL); 1367 1368 /* 1369 * Move this entry to the head of the queue so that it is less likely 1370 * for this entry to be a target of forced garbage collection (see 1371 * nd6_rtrequest()). 1372 */ 1373 TAILQ_REMOVE(&nd6_list, ln, ln_list); 1374 TAILQ_INSERT_HEAD(&nd6_list, ln, ln_list); 1375 1376 /* 1377 * The first time we send a packet to a neighbor whose entry is 1378 * STALE, we have to change the state to DELAY and a sets a timer to 1379 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do 1380 * neighbor unreachability detection on expiration. 1381 * (RFC 2461 7.3.3) 1382 */ 1383 if (ln->ln_state == ND6_LLINFO_STALE) { 1384 ln->ln_asked = 0; 1385 ln->ln_state = ND6_LLINFO_DELAY; 1386 nd6_llinfo_settimer(ln, nd6_delay); 1387 } 1388 1389 /* 1390 * If the neighbor cache entry has a state other than INCOMPLETE 1391 * (i.e. its link-layer address is already resolved), just 1392 * send the packet. 1393 */ 1394 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) { 1395 sdl = satosdl(rt->rt_gateway); 1396 if (sdl->sdl_alen != ETHER_ADDR_LEN) { 1397 char addr[INET6_ADDRSTRLEN]; 1398 log(LOG_DEBUG, "%s: %s: incorrect nd6 information\n", 1399 __func__, 1400 inet_ntop(AF_INET6, &satosin6(dst)->sin6_addr, 1401 addr, sizeof(addr))); 1402 m_freem(m); 1403 return (EINVAL); 1404 } 1405 1406 bcopy(LLADDR(sdl), desten, sdl->sdl_alen); 1407 return (0); 1408 } 1409 1410 /* 1411 * There is a neighbor cache entry, but no ethernet address 1412 * response yet. Replace the held mbuf (if any) with this 1413 * latest one. 1414 */ 1415 if (ln->ln_state == ND6_LLINFO_NOSTATE) 1416 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1417 m_freem(ln->ln_hold); 1418 ln->ln_hold = m; 1419 1420 /* 1421 * If there has been no NS for the neighbor after entering the 1422 * INCOMPLETE state, send the first solicitation. 1423 */ 1424 if (!ND6_LLINFO_PERMANENT(ln) && ln->ln_asked == 0) { 1425 ln->ln_asked++; 1426 nd6_llinfo_settimer(ln, ND_IFINFO(ifp)->retrans / 1000); 1427 nd6_ns_output(ifp, NULL, &satosin6(dst)->sin6_addr, ln, 0); 1428 } 1429 return (EAGAIN); 1430 } 1431 1432 int 1433 nd6_need_cache(struct ifnet *ifp) 1434 { 1435 /* 1436 * RFC2893 says: 1437 * - unidirectional tunnels needs no ND 1438 */ 1439 switch (ifp->if_type) { 1440 case IFT_ETHER: 1441 case IFT_IEEE80211: 1442 case IFT_CARP: 1443 return (1); 1444 default: 1445 return (0); 1446 } 1447 } 1448