1 /* $OpenBSD: nd6.c,v 1.278 2023/05/08 13:14:21 bluhm Exp $ */ 2 /* $KAME: nd6.c,v 1.280 2002/06/08 19:52:07 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include <sys/param.h> 34 #include <sys/systm.h> 35 #include <sys/timeout.h> 36 #include <sys/malloc.h> 37 #include <sys/mbuf.h> 38 #include <sys/socket.h> 39 #include <sys/sockio.h> 40 #include <sys/time.h> 41 #include <sys/kernel.h> 42 #include <sys/pool.h> 43 #include <sys/errno.h> 44 #include <sys/ioctl.h> 45 #include <sys/syslog.h> 46 #include <sys/queue.h> 47 #include <sys/stdint.h> 48 #include <sys/task.h> 49 50 #include <net/if.h> 51 #include <net/if_dl.h> 52 #include <net/if_types.h> 53 #include <net/route.h> 54 55 #include <netinet/in.h> 56 #include <netinet/if_ether.h> 57 #include <netinet/ip_ipsp.h> 58 59 #include <netinet6/in6_var.h> 60 #include <netinet/ip6.h> 61 #include <netinet6/ip6_var.h> 62 #include <netinet6/nd6.h> 63 #include <netinet/icmp6.h> 64 65 /* 66 * Locks used to protect struct members in this file: 67 * a atomic operations 68 * I immutable after creation 69 * K kernel lock 70 * m nd6 mutex, needed when net lock is shared 71 * N net lock 72 */ 73 74 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 75 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 76 77 /* timer values */ 78 int nd6_timer_next = -1; /* at which uptime nd6_timer runs */ 79 time_t nd6_expire_next = -1; /* at which uptime nd6_expire runs */ 80 int nd6_delay = 5; /* delay first probe time 5 second */ 81 int nd6_umaxtries = 3; /* maximum unicast query */ 82 int nd6_mmaxtries = 3; /* maximum multicast query */ 83 int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */ 84 85 /* preventing too many loops in ND option parsing */ 86 int nd6_maxndopt = 10; /* max # of ND options allowed */ 87 88 int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */ 89 90 #ifdef ND6_DEBUG 91 int nd6_debug = 1; 92 #else 93 int nd6_debug = 0; 94 #endif 95 96 /* llinfo_nd6 live time, rt_llinfo and RTF_LLINFO are protected by nd6_mtx */ 97 struct mutex nd6_mtx = MUTEX_INITIALIZER(IPL_SOFTNET); 98 99 TAILQ_HEAD(llinfo_nd6_head, llinfo_nd6) nd6_list = 100 TAILQ_HEAD_INITIALIZER(nd6_list); /* [mN] list of llinfo_nd6 structures */ 101 struct pool nd6_pool; /* [I] pool for llinfo_nd6 structures */ 102 int nd6_inuse; /* [m] limit neigbor discovery routes */ 103 unsigned int ln_hold_total; /* [a] packets currently in the nd6 queue */ 104 105 void nd6_timer(void *); 106 void nd6_slowtimo(void *); 107 void nd6_expire(void *); 108 void nd6_expire_timer(void *); 109 void nd6_invalidate(struct rtentry *); 110 void nd6_free(struct rtentry *); 111 int nd6_llinfo_timer(struct rtentry *); 112 113 struct timeout nd6_timer_to; 114 struct timeout nd6_slowtimo_ch; 115 struct timeout nd6_expire_timeout; 116 struct task nd6_expire_task; 117 118 void 119 nd6_init(void) 120 { 121 pool_init(&nd6_pool, sizeof(struct llinfo_nd6), 0, 122 IPL_SOFTNET, 0, "nd6", NULL); 123 124 task_set(&nd6_expire_task, nd6_expire, NULL); 125 126 /* start timer */ 127 timeout_set_proc(&nd6_timer_to, nd6_timer, NULL); 128 timeout_set_proc(&nd6_slowtimo_ch, nd6_slowtimo, NULL); 129 timeout_add_sec(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL); 130 timeout_set(&nd6_expire_timeout, nd6_expire_timer, NULL); 131 } 132 133 void 134 nd6_ifattach(struct ifnet *ifp) 135 { 136 struct nd_ifinfo *nd; 137 138 nd = malloc(sizeof(*nd), M_IP6NDP, M_WAITOK | M_ZERO); 139 140 nd->reachable = ND_COMPUTE_RTIME(REACHABLE_TIME); 141 142 ifp->if_nd = nd; 143 } 144 145 void 146 nd6_ifdetach(struct ifnet *ifp) 147 { 148 struct nd_ifinfo *nd = ifp->if_nd; 149 150 free(nd, M_IP6NDP, sizeof(*nd)); 151 } 152 153 /* 154 * Parse multiple ND options. 155 * This function is much easier to use, for ND routines that do not need 156 * multiple options of the same type. 157 */ 158 int 159 nd6_options(void *opt, int icmp6len, struct nd_opts *ndopts) 160 { 161 struct nd_opt_hdr *nd_opt, *next_opt, *last_opt; 162 int i = 0; 163 164 bzero(ndopts, sizeof(*ndopts)); 165 166 if (icmp6len == 0) 167 return 0; 168 169 next_opt = opt; 170 last_opt = (struct nd_opt_hdr *)((u_char *)opt + icmp6len); 171 172 while (next_opt != NULL) { 173 int olen; 174 175 nd_opt = next_opt; 176 177 /* make sure nd_opt_len is inside the buffer */ 178 if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)last_opt) 179 goto invalid; 180 181 /* every option must have a length greater than zero */ 182 olen = nd_opt->nd_opt_len << 3; 183 if (olen == 0) 184 goto invalid; 185 186 next_opt = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen); 187 if (next_opt > last_opt) { 188 /* option overruns the end of buffer */ 189 goto invalid; 190 } else if (next_opt == last_opt) { 191 /* reached the end of options chain */ 192 next_opt = NULL; 193 } 194 195 switch (nd_opt->nd_opt_type) { 196 case ND_OPT_SOURCE_LINKADDR: 197 if (ndopts->nd_opts_src_lladdr != NULL) 198 nd6log((LOG_INFO, "duplicated ND6 option found " 199 "(type=%d)\n", nd_opt->nd_opt_type)); 200 else 201 ndopts->nd_opts_src_lladdr = nd_opt; 202 break; 203 case ND_OPT_TARGET_LINKADDR: 204 if (ndopts->nd_opts_tgt_lladdr != NULL) 205 nd6log((LOG_INFO, "duplicated ND6 option found " 206 "(type=%d)\n", nd_opt->nd_opt_type)); 207 else 208 ndopts->nd_opts_tgt_lladdr = nd_opt; 209 break; 210 case ND_OPT_MTU: 211 case ND_OPT_REDIRECTED_HEADER: 212 case ND_OPT_PREFIX_INFORMATION: 213 case ND_OPT_DNSSL: 214 case ND_OPT_RDNSS: 215 /* Don't warn, not used by kernel */ 216 break; 217 default: 218 /* 219 * Unknown options must be silently ignored, 220 * to accommodate future extension to the protocol. 221 */ 222 nd6log((LOG_DEBUG, 223 "nd6_options: unsupported option %d - " 224 "option ignored\n", nd_opt->nd_opt_type)); 225 break; 226 } 227 228 i++; 229 if (i > nd6_maxndopt) { 230 icmp6stat_inc(icp6s_nd_toomanyopt); 231 nd6log((LOG_INFO, "too many loop in nd opt\n")); 232 break; 233 } 234 } 235 236 return 0; 237 238 invalid: 239 bzero(ndopts, sizeof(*ndopts)); 240 icmp6stat_inc(icp6s_nd_badopt); 241 return -1; 242 } 243 244 /* 245 * ND6 timer routine to handle ND6 entries 246 */ 247 void 248 nd6_llinfo_settimer(const struct llinfo_nd6 *ln, unsigned int secs) 249 { 250 time_t expire = getuptime() + secs; 251 252 NET_ASSERT_LOCKED(); 253 KASSERT(!ISSET(ln->ln_rt->rt_flags, RTF_LOCAL)); 254 255 ln->ln_rt->rt_expire = expire; 256 if (!timeout_pending(&nd6_timer_to) || expire < nd6_timer_next) { 257 nd6_timer_next = expire; 258 timeout_add_sec(&nd6_timer_to, secs); 259 } 260 } 261 262 void 263 nd6_timer(void *unused) 264 { 265 struct llinfo_nd6 *ln, *nln; 266 time_t uptime, expire; 267 int secs; 268 269 NET_LOCK(); 270 271 uptime = getuptime(); 272 expire = uptime + nd6_gctimer; 273 274 /* Net lock is exclusive, no nd6 mutex needed for nd6_list here. */ 275 TAILQ_FOREACH_SAFE(ln, &nd6_list, ln_list, nln) { 276 struct rtentry *rt = ln->ln_rt; 277 278 if (rt->rt_expire && rt->rt_expire <= uptime) 279 if (nd6_llinfo_timer(rt)) 280 continue; 281 282 if (rt->rt_expire && rt->rt_expire < expire) 283 expire = rt->rt_expire; 284 } 285 286 secs = expire - uptime; 287 if (secs < 0) 288 secs = 0; 289 if (!TAILQ_EMPTY(&nd6_list)) { 290 nd6_timer_next = uptime + secs; 291 timeout_add_sec(&nd6_timer_to, secs); 292 } 293 294 NET_UNLOCK(); 295 } 296 297 /* 298 * ND timer state handling. 299 * 300 * Returns 1 if `rt' should no longer be used, 0 otherwise. 301 */ 302 int 303 nd6_llinfo_timer(struct rtentry *rt) 304 { 305 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 306 struct sockaddr_in6 *dst = satosin6(rt_key(rt)); 307 struct ifnet *ifp; 308 309 NET_ASSERT_LOCKED(); 310 311 if ((ifp = if_get(rt->rt_ifidx)) == NULL) 312 return 1; 313 314 switch (ln->ln_state) { 315 case ND6_LLINFO_INCOMPLETE: 316 if (ln->ln_asked < nd6_mmaxtries) { 317 ln->ln_asked++; 318 nd6_llinfo_settimer(ln, RETRANS_TIMER / 1000); 319 nd6_ns_output(ifp, NULL, &dst->sin6_addr, 320 &ln->ln_saddr6, 0); 321 } else { 322 struct mbuf_list ml; 323 struct mbuf *m; 324 unsigned int len; 325 326 mq_delist(&ln->ln_mq, &ml); 327 len = ml_len(&ml); 328 while ((m = ml_dequeue(&ml)) != NULL) { 329 /* 330 * Fake rcvif to make the ICMP error 331 * more helpful in diagnosing for the 332 * receiver. 333 * XXX: should we consider older rcvif? 334 */ 335 m->m_pkthdr.ph_ifidx = rt->rt_ifidx; 336 337 icmp6_error(m, ICMP6_DST_UNREACH, 338 ICMP6_DST_UNREACH_ADDR, 0); 339 } 340 341 /* XXXSMP we also discard if other CPU enqueues */ 342 if (mq_len(&ln->ln_mq) > 0) { 343 /* mbuf is back in queue. Discard. */ 344 atomic_sub_int(&ln_hold_total, 345 len + mq_purge(&ln->ln_mq)); 346 } else 347 atomic_sub_int(&ln_hold_total, len); 348 349 nd6_free(rt); 350 ln = NULL; 351 } 352 break; 353 354 case ND6_LLINFO_REACHABLE: 355 if (!ND6_LLINFO_PERMANENT(ln)) { 356 ln->ln_state = ND6_LLINFO_STALE; 357 nd6_llinfo_settimer(ln, nd6_gctimer); 358 } 359 break; 360 361 case ND6_LLINFO_STALE: 362 case ND6_LLINFO_PURGE: 363 /* Garbage Collection(RFC 2461 5.3) */ 364 if (!ND6_LLINFO_PERMANENT(ln)) { 365 nd6_free(rt); 366 ln = NULL; 367 } 368 break; 369 370 case ND6_LLINFO_DELAY: 371 /* We need NUD */ 372 ln->ln_asked = 1; 373 ln->ln_state = ND6_LLINFO_PROBE; 374 nd6_llinfo_settimer(ln, RETRANS_TIMER / 1000); 375 nd6_ns_output(ifp, &dst->sin6_addr, &dst->sin6_addr, 376 &ln->ln_saddr6, 0); 377 break; 378 379 case ND6_LLINFO_PROBE: 380 if (ln->ln_asked < nd6_umaxtries) { 381 ln->ln_asked++; 382 nd6_llinfo_settimer(ln, RETRANS_TIMER / 1000); 383 nd6_ns_output(ifp, &dst->sin6_addr, &dst->sin6_addr, 384 &ln->ln_saddr6, 0); 385 } else { 386 nd6_free(rt); 387 ln = NULL; 388 } 389 break; 390 } 391 392 if_put(ifp); 393 394 return (ln == NULL); 395 } 396 397 void 398 nd6_expire_timer_update(struct in6_ifaddr *ia6) 399 { 400 time_t expire_time = INT64_MAX; 401 402 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) 403 expire_time = ia6->ia6_lifetime.ia6t_expire; 404 405 if (!(ia6->ia6_flags & IN6_IFF_DEPRECATED) && 406 ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME && 407 expire_time > ia6->ia6_lifetime.ia6t_preferred) 408 expire_time = ia6->ia6_lifetime.ia6t_preferred; 409 410 if (expire_time == INT64_MAX) 411 return; 412 413 /* 414 * IFA6_IS_INVALID() and IFA6_IS_DEPRECATED() check for uptime 415 * greater than ia6t_expire or ia6t_preferred, not greater or equal. 416 * Schedule timeout one second later so that either IFA6_IS_INVALID() 417 * or IFA6_IS_DEPRECATED() is true. 418 */ 419 expire_time++; 420 421 if (!timeout_pending(&nd6_expire_timeout) || 422 nd6_expire_next > expire_time) { 423 int secs; 424 425 secs = expire_time - getuptime(); 426 if (secs < 0) 427 secs = 0; 428 429 timeout_add_sec(&nd6_expire_timeout, secs); 430 nd6_expire_next = expire_time; 431 } 432 } 433 434 /* 435 * Expire interface addresses. 436 */ 437 void 438 nd6_expire(void *unused) 439 { 440 struct ifnet *ifp; 441 442 NET_LOCK(); 443 444 TAILQ_FOREACH(ifp, &ifnetlist, if_list) { 445 struct ifaddr *ifa, *nifa; 446 struct in6_ifaddr *ia6; 447 448 TAILQ_FOREACH_SAFE(ifa, &ifp->if_addrlist, ifa_list, nifa) { 449 if (ifa->ifa_addr->sa_family != AF_INET6) 450 continue; 451 ia6 = ifatoia6(ifa); 452 /* check address lifetime */ 453 if (IFA6_IS_INVALID(ia6)) { 454 in6_purgeaddr(&ia6->ia_ifa); 455 } else { 456 if (IFA6_IS_DEPRECATED(ia6)) 457 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 458 nd6_expire_timer_update(ia6); 459 } 460 } 461 } 462 463 NET_UNLOCK(); 464 } 465 466 void 467 nd6_expire_timer(void *unused) 468 { 469 task_add(net_tq(0), &nd6_expire_task); 470 } 471 472 /* 473 * Nuke neighbor cache/prefix/default router management table, right before 474 * ifp goes away. 475 */ 476 void 477 nd6_purge(struct ifnet *ifp) 478 { 479 struct llinfo_nd6 *ln, *nln; 480 481 NET_ASSERT_LOCKED_EXCLUSIVE(); 482 483 /* 484 * Nuke neighbor cache entries for the ifp. 485 */ 486 TAILQ_FOREACH_SAFE(ln, &nd6_list, ln_list, nln) { 487 struct rtentry *rt; 488 struct sockaddr_dl *sdl; 489 490 rt = ln->ln_rt; 491 if (rt != NULL && rt->rt_gateway != NULL && 492 rt->rt_gateway->sa_family == AF_LINK) { 493 sdl = satosdl(rt->rt_gateway); 494 if (sdl->sdl_index == ifp->if_index) 495 nd6_free(rt); 496 } 497 } 498 } 499 500 struct rtentry * 501 nd6_lookup(const struct in6_addr *addr6, int create, struct ifnet *ifp, 502 u_int rtableid) 503 { 504 struct rtentry *rt; 505 struct sockaddr_in6 sin6; 506 int flags; 507 508 bzero(&sin6, sizeof(sin6)); 509 sin6.sin6_len = sizeof(struct sockaddr_in6); 510 sin6.sin6_family = AF_INET6; 511 sin6.sin6_addr = *addr6; 512 flags = (create) ? RT_RESOLVE : 0; 513 514 rt = rtalloc(sin6tosa(&sin6), flags, rtableid); 515 if (rt != NULL && (rt->rt_flags & RTF_LLINFO) == 0) { 516 /* 517 * This is the case for the default route. 518 * If we want to create a neighbor cache for the address, we 519 * should free the route for the destination and allocate an 520 * interface route. 521 */ 522 if (create) { 523 rtfree(rt); 524 rt = NULL; 525 } 526 } 527 if (rt == NULL) { 528 if (create && ifp) { 529 struct rt_addrinfo info; 530 struct ifaddr *ifa; 531 int error; 532 533 /* 534 * If no route is available and create is set, 535 * we allocate a host route for the destination 536 * and treat it like an interface route. 537 * This hack is necessary for a neighbor which can't 538 * be covered by our own prefix. 539 */ 540 ifa = ifaof_ifpforaddr(sin6tosa(&sin6), ifp); 541 if (ifa == NULL) 542 return (NULL); 543 544 /* 545 * Create a new route. RTF_LLINFO is necessary 546 * to create a Neighbor Cache entry for the 547 * destination in nd6_rtrequest which will be 548 * called in rtrequest. 549 */ 550 bzero(&info, sizeof(info)); 551 info.rti_ifa = ifa; 552 info.rti_flags = RTF_HOST | RTF_LLINFO; 553 info.rti_info[RTAX_DST] = sin6tosa(&sin6); 554 info.rti_info[RTAX_GATEWAY] = sdltosa(ifp->if_sadl); 555 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, &rt, 556 rtableid); 557 if (error) 558 return (NULL); 559 if (rt->rt_llinfo != NULL) { 560 struct llinfo_nd6 *ln = 561 (struct llinfo_nd6 *)rt->rt_llinfo; 562 ln->ln_state = ND6_LLINFO_NOSTATE; 563 } 564 } else 565 return (NULL); 566 } 567 /* 568 * Validation for the entry. 569 * Note that the check for rt_llinfo is necessary because a cloned 570 * route from a parent route that has the L flag (e.g. the default 571 * route to a p2p interface) may have the flag, too, while the 572 * destination is not actually a neighbor. 573 */ 574 if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 || 575 rt->rt_gateway->sa_family != AF_LINK || rt->rt_llinfo == NULL || 576 (ifp != NULL && rt->rt_ifidx != ifp->if_index)) { 577 if (create) { 578 char addr[INET6_ADDRSTRLEN]; 579 nd6log((LOG_DEBUG, "%s: failed to lookup %s (if=%s)\n", 580 __func__, 581 inet_ntop(AF_INET6, addr6, addr, sizeof(addr)), 582 ifp ? ifp->if_xname : "unspec")); 583 } 584 rtfree(rt); 585 return (NULL); 586 } 587 return (rt); 588 } 589 590 /* 591 * Detect if a given IPv6 address identifies a neighbor on a given link. 592 * XXX: should take care of the destination of a p2p link? 593 */ 594 int 595 nd6_is_addr_neighbor(const struct sockaddr_in6 *addr, struct ifnet *ifp) 596 { 597 struct in6_ifaddr *ia6; 598 struct ifaddr *ifa; 599 struct rtentry *rt; 600 601 /* 602 * A link-local address is always a neighbor. 603 * XXX: we should use the sin6_scope_id field rather than the embedded 604 * interface index. 605 * XXX: a link does not necessarily specify a single interface. 606 */ 607 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr) && 608 ntohs(*(u_int16_t *)&addr->sin6_addr.s6_addr[2]) == ifp->if_index) 609 return (1); 610 611 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 612 if (ifa->ifa_addr->sa_family != AF_INET6) 613 continue; 614 615 ia6 = ifatoia6(ifa); 616 617 /* Prefix check down below. */ 618 if (ia6->ia6_flags & IN6_IFF_AUTOCONF) 619 continue; 620 621 if (IN6_ARE_MASKED_ADDR_EQUAL(&addr->sin6_addr, 622 &ia6->ia_addr.sin6_addr, 623 &ia6->ia_prefixmask.sin6_addr)) 624 return (1); 625 } 626 627 /* 628 * Even if the address matches none of our addresses, it might be 629 * in the neighbor cache. 630 */ 631 rt = nd6_lookup(&addr->sin6_addr, 0, ifp, ifp->if_rdomain); 632 if (rt != NULL) { 633 rtfree(rt); 634 return (1); 635 } 636 637 return (0); 638 } 639 640 void 641 nd6_invalidate(struct rtentry *rt) 642 { 643 struct llinfo_nd6 *ln; 644 struct sockaddr_dl *sdl = satosdl(rt->rt_gateway); 645 646 mtx_enter(&nd6_mtx); 647 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 648 if (ln == NULL) { 649 mtx_leave(&nd6_mtx); 650 return; 651 } 652 atomic_sub_int(&ln_hold_total, mq_purge(&ln->ln_mq)); 653 sdl->sdl_alen = 0; 654 ln->ln_state = ND6_LLINFO_INCOMPLETE; 655 ln->ln_asked = 0; 656 mtx_leave(&nd6_mtx); 657 } 658 659 /* 660 * Free an nd6 llinfo entry. 661 */ 662 void 663 nd6_free(struct rtentry *rt) 664 { 665 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 666 struct in6_addr in6 = satosin6(rt_key(rt))->sin6_addr; 667 struct ifnet *ifp; 668 669 NET_ASSERT_LOCKED(); 670 671 ifp = if_get(rt->rt_ifidx); 672 673 if (!ip6_forwarding) { 674 if (ln->ln_router) { 675 /* 676 * rt6_flush must be called whether or not the neighbor 677 * is in the Default Router List. 678 * See a corresponding comment in nd6_na_input(). 679 */ 680 rt6_flush(&in6, ifp); 681 } 682 } 683 684 KASSERT(!ISSET(rt->rt_flags, RTF_LOCAL)); 685 nd6_invalidate(rt); 686 687 /* 688 * Detach the route from the routing tree and the list of neighbor 689 * caches, and disable the route entry not to be used in already 690 * cached routes. 691 */ 692 if (!ISSET(rt->rt_flags, RTF_STATIC|RTF_CACHED)) 693 rtdeletemsg(rt, ifp, ifp->if_rdomain); 694 695 if_put(ifp); 696 } 697 698 /* 699 * Upper-layer reachability hint for Neighbor Unreachability Detection. 700 * 701 * XXX cost-effective methods? 702 */ 703 void 704 nd6_nud_hint(struct rtentry *rt) 705 { 706 struct llinfo_nd6 *ln; 707 struct ifnet *ifp; 708 709 ifp = if_get(rt->rt_ifidx); 710 if (ifp == NULL) 711 return; 712 713 if ((rt->rt_flags & RTF_GATEWAY) != 0 || 714 (rt->rt_flags & RTF_LLINFO) == 0 || 715 rt->rt_llinfo == NULL || rt->rt_gateway == NULL || 716 rt->rt_gateway->sa_family != AF_LINK) { 717 /* This is not a host route. */ 718 goto out; 719 } 720 721 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 722 if (ln->ln_state < ND6_LLINFO_REACHABLE) 723 goto out; 724 725 /* 726 * if we get upper-layer reachability confirmation many times, 727 * it is possible we have false information. 728 */ 729 ln->ln_byhint++; 730 if (ln->ln_byhint > nd6_maxnudhint) 731 goto out; 732 733 ln->ln_state = ND6_LLINFO_REACHABLE; 734 if (!ND6_LLINFO_PERMANENT(ln)) 735 nd6_llinfo_settimer(ln, ifp->if_nd->reachable); 736 out: 737 if_put(ifp); 738 } 739 740 void 741 nd6_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt) 742 { 743 struct sockaddr *gate = rt->rt_gateway; 744 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 745 struct ifaddr *ifa; 746 struct in6_ifaddr *ifa6; 747 748 if (ISSET(rt->rt_flags, RTF_GATEWAY|RTF_MULTICAST|RTF_MPLS)) 749 return; 750 751 if (nd6_need_cache(ifp) == 0 && (rt->rt_flags & RTF_HOST) == 0) { 752 /* 753 * This is probably an interface direct route for a link 754 * which does not need neighbor caches (e.g. fe80::%lo0/64). 755 * We do not need special treatment below for such a route. 756 * Moreover, the RTF_LLINFO flag which would be set below 757 * would annoy the ndp(8) command. 758 */ 759 return; 760 } 761 762 if (req == RTM_RESOLVE && nd6_need_cache(ifp) == 0) { 763 /* 764 * For routing daemons like ospf6d we allow neighbor discovery 765 * based on the cloning route only. This allows us to send 766 * packets directly into a network without having an address 767 * with matching prefix on the interface. If the cloning 768 * route is used for an 6to4 interface, we would mistakenly 769 * make a neighbor cache for the host route, and would see 770 * strange neighbor solicitation for the corresponding 771 * destination. In order to avoid confusion, we check if the 772 * interface is suitable for neighbor discovery, and stop the 773 * process if not. Additionally, we remove the LLINFO flag 774 * so that ndp(8) will not try to get the neighbor information 775 * of the destination. 776 */ 777 rt->rt_flags &= ~RTF_LLINFO; 778 return; 779 } 780 781 switch (req) { 782 case RTM_ADD: 783 if (rt->rt_flags & RTF_CLONING) { 784 rt->rt_expire = 0; 785 break; 786 } 787 if ((rt->rt_flags & RTF_LOCAL) && rt->rt_llinfo == NULL) 788 rt->rt_expire = 0; 789 /* FALLTHROUGH */ 790 case RTM_RESOLVE: 791 if (gate->sa_family != AF_LINK || 792 gate->sa_len < sizeof(struct sockaddr_dl)) { 793 log(LOG_DEBUG, "%s: bad gateway value: %s\n", 794 __func__, ifp->if_xname); 795 break; 796 } 797 satosdl(gate)->sdl_type = ifp->if_type; 798 satosdl(gate)->sdl_index = ifp->if_index; 799 /* 800 * Case 2: This route may come from cloning, or a manual route 801 * add with a LL address. 802 */ 803 ln = pool_get(&nd6_pool, PR_NOWAIT | PR_ZERO); 804 if (ln == NULL) { 805 log(LOG_DEBUG, "%s: pool get failed\n", __func__); 806 break; 807 } 808 809 mtx_enter(&nd6_mtx); 810 if (rt->rt_llinfo != NULL) { 811 /* we lost the race, another thread has entered it */ 812 mtx_leave(&nd6_mtx); 813 pool_put(&nd6_pool, ln); 814 break; 815 } 816 nd6_inuse++; 817 mq_init(&ln->ln_mq, LN_HOLD_QUEUE, IPL_SOFTNET); 818 rt->rt_llinfo = (caddr_t)ln; 819 ln->ln_rt = rt; 820 rt->rt_flags |= RTF_LLINFO; 821 TAILQ_INSERT_HEAD(&nd6_list, ln, ln_list); 822 /* this is required for "ndp" command. - shin */ 823 if (req == RTM_ADD) { 824 /* 825 * gate should have some valid AF_LINK entry, 826 * and ln expire should have some lifetime 827 * which is specified by ndp command. 828 */ 829 ln->ln_state = ND6_LLINFO_REACHABLE; 830 ln->ln_byhint = 0; 831 } else { 832 /* 833 * When req == RTM_RESOLVE, rt is created and 834 * initialized in rtrequest(), so rt_expire is 0. 835 */ 836 ln->ln_state = ND6_LLINFO_NOSTATE; 837 nd6_llinfo_settimer(ln, 0); 838 } 839 840 /* 841 * If we have too many cache entries, initiate immediate 842 * purging for some "less recently used" entries. Note that 843 * we cannot directly call nd6_free() here because it would 844 * cause re-entering rtable related routines triggering 845 * lock-order-reversal problems. 846 */ 847 if (ip6_neighborgcthresh >= 0 && 848 nd6_inuse >= ip6_neighborgcthresh) { 849 int i; 850 851 for (i = 0; i < 10; i++) { 852 struct llinfo_nd6 *ln_end; 853 854 ln_end = TAILQ_LAST(&nd6_list, llinfo_nd6_head); 855 if (ln_end == ln) 856 break; 857 858 /* Move this entry to the head */ 859 TAILQ_REMOVE(&nd6_list, ln_end, ln_list); 860 TAILQ_INSERT_HEAD(&nd6_list, ln_end, ln_list); 861 862 if (ND6_LLINFO_PERMANENT(ln_end)) 863 continue; 864 865 if (ln_end->ln_state > ND6_LLINFO_INCOMPLETE) 866 ln_end->ln_state = ND6_LLINFO_STALE; 867 else 868 ln_end->ln_state = ND6_LLINFO_PURGE; 869 nd6_llinfo_settimer(ln_end, 0); 870 } 871 } 872 873 /* 874 * check if rt_key(rt) is one of my address assigned 875 * to the interface. 876 */ 877 ifa6 = in6ifa_ifpwithaddr(ifp, 878 &satosin6(rt_key(rt))->sin6_addr); 879 ifa = ifa6 ? &ifa6->ia_ifa : NULL; 880 if (ifa != NULL || 881 (rt->rt_flags & RTF_ANNOUNCE)) { 882 ln->ln_state = ND6_LLINFO_REACHABLE; 883 ln->ln_byhint = 0; 884 rt->rt_expire = 0; 885 } 886 mtx_leave(&nd6_mtx); 887 888 /* join solicited node multicast for proxy ND */ 889 if (ifa == NULL && 890 (rt->rt_flags & RTF_ANNOUNCE) && 891 (ifp->if_flags & IFF_MULTICAST)) { 892 struct in6_addr llsol; 893 int error; 894 895 llsol = satosin6(rt_key(rt))->sin6_addr; 896 llsol.s6_addr16[0] = htons(0xff02); 897 llsol.s6_addr16[1] = htons(ifp->if_index); 898 llsol.s6_addr32[1] = 0; 899 llsol.s6_addr32[2] = htonl(1); 900 llsol.s6_addr8[12] = 0xff; 901 902 KERNEL_LOCK(); 903 if (in6_addmulti(&llsol, ifp, &error)) { 904 char addr[INET6_ADDRSTRLEN]; 905 nd6log((LOG_ERR, "%s: failed to join " 906 "%s (errno=%d)\n", ifp->if_xname, 907 inet_ntop(AF_INET6, &llsol, 908 addr, sizeof(addr)), 909 error)); 910 } 911 KERNEL_UNLOCK(); 912 } 913 break; 914 915 case RTM_DELETE: 916 mtx_enter(&nd6_mtx); 917 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 918 if (ln == NULL) { 919 /* we lost the race, another thread has removed it */ 920 mtx_leave(&nd6_mtx); 921 break; 922 } 923 nd6_inuse--; 924 TAILQ_REMOVE(&nd6_list, ln, ln_list); 925 rt->rt_expire = 0; 926 rt->rt_llinfo = NULL; 927 rt->rt_flags &= ~RTF_LLINFO; 928 atomic_sub_int(&ln_hold_total, mq_purge(&ln->ln_mq)); 929 mtx_leave(&nd6_mtx); 930 931 pool_put(&nd6_pool, ln); 932 933 /* leave from solicited node multicast for proxy ND */ 934 if ((rt->rt_flags & RTF_ANNOUNCE) != 0 && 935 (ifp->if_flags & IFF_MULTICAST) != 0) { 936 struct in6_addr llsol; 937 struct in6_multi *in6m; 938 939 llsol = satosin6(rt_key(rt))->sin6_addr; 940 llsol.s6_addr16[0] = htons(0xff02); 941 llsol.s6_addr16[1] = htons(ifp->if_index); 942 llsol.s6_addr32[1] = 0; 943 llsol.s6_addr32[2] = htonl(1); 944 llsol.s6_addr8[12] = 0xff; 945 946 KERNEL_LOCK(); 947 IN6_LOOKUP_MULTI(llsol, ifp, in6m); 948 if (in6m) 949 in6_delmulti(in6m); 950 KERNEL_UNLOCK(); 951 } 952 break; 953 954 case RTM_INVALIDATE: 955 if (!ISSET(rt->rt_flags, RTF_LOCAL)) 956 nd6_invalidate(rt); 957 break; 958 } 959 } 960 961 int 962 nd6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp) 963 { 964 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 965 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 966 struct rtentry *rt; 967 968 switch (cmd) { 969 case SIOCGIFINFO_IN6: 970 NET_LOCK_SHARED(); 971 ndi->ndi = *ifp->if_nd; 972 NET_UNLOCK_SHARED(); 973 return (0); 974 case SIOCGNBRINFO_IN6: 975 { 976 struct llinfo_nd6 *ln; 977 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 978 time_t expire; 979 980 NET_LOCK_SHARED(); 981 /* 982 * XXX: KAME specific hack for scoped addresses 983 * XXXX: for other scopes than link-local? 984 */ 985 if (IN6_IS_ADDR_LINKLOCAL(&nb_addr) || 986 IN6_IS_ADDR_MC_LINKLOCAL(&nb_addr)) { 987 u_int16_t *idp = (u_int16_t *)&nb_addr.s6_addr[2]; 988 989 if (*idp == 0) 990 *idp = htons(ifp->if_index); 991 } 992 993 rt = nd6_lookup(&nb_addr, 0, ifp, ifp->if_rdomain); 994 if (rt == NULL || 995 (ln = (struct llinfo_nd6 *)rt->rt_llinfo) == NULL) { 996 rtfree(rt); 997 NET_UNLOCK_SHARED(); 998 return (EINVAL); 999 } 1000 expire = ln->ln_rt->rt_expire; 1001 if (expire != 0) { 1002 expire -= getuptime(); 1003 expire += gettime(); 1004 } 1005 1006 nbi->state = ln->ln_state; 1007 nbi->asked = ln->ln_asked; 1008 nbi->isrouter = ln->ln_router; 1009 nbi->expire = expire; 1010 1011 rtfree(rt); 1012 NET_UNLOCK_SHARED(); 1013 return (0); 1014 } 1015 } 1016 return (0); 1017 } 1018 1019 /* 1020 * Create neighbor cache entry and cache link-layer address, 1021 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1022 * 1023 * type - ICMP6 type 1024 * code - type dependent information 1025 */ 1026 void 1027 nd6_cache_lladdr(struct ifnet *ifp, const struct in6_addr *from, char *lladdr, 1028 int lladdrlen, int type, int code) 1029 { 1030 struct rtentry *rt = NULL; 1031 struct llinfo_nd6 *ln = NULL; 1032 int is_newentry; 1033 struct sockaddr_dl *sdl = NULL; 1034 int do_update; 1035 int olladdr; 1036 int llchange; 1037 int newstate = 0; 1038 1039 if (!ifp) 1040 panic("%s: ifp == NULL", __func__); 1041 if (!from) 1042 panic("%s: from == NULL", __func__); 1043 1044 /* nothing must be updated for unspecified address */ 1045 if (IN6_IS_ADDR_UNSPECIFIED(from)) 1046 return; 1047 1048 /* 1049 * Validation about ifp->if_addrlen and lladdrlen must be done in 1050 * the caller. 1051 * 1052 * XXX If the link does not have link-layer address, what should 1053 * we do? (ifp->if_addrlen == 0) 1054 * Spec says nothing in sections for RA, RS and NA. There's small 1055 * description on it in NS section (RFC 2461 7.2.3). 1056 */ 1057 1058 rt = nd6_lookup(from, 0, ifp, ifp->if_rdomain); 1059 if (rt == NULL) { 1060 rt = nd6_lookup(from, 1, ifp, ifp->if_rdomain); 1061 is_newentry = 1; 1062 } else { 1063 /* do not overwrite local or static entry */ 1064 if (ISSET(rt->rt_flags, RTF_STATIC|RTF_LOCAL)) { 1065 rtfree(rt); 1066 return; 1067 } 1068 is_newentry = 0; 1069 } 1070 1071 if (!rt) 1072 return; 1073 if ((rt->rt_flags & (RTF_GATEWAY | RTF_LLINFO)) != RTF_LLINFO) { 1074 fail: 1075 nd6_free(rt); 1076 rtfree(rt); 1077 return; 1078 } 1079 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1080 if (ln == NULL) 1081 goto fail; 1082 if (rt->rt_gateway == NULL) 1083 goto fail; 1084 if (rt->rt_gateway->sa_family != AF_LINK) 1085 goto fail; 1086 sdl = satosdl(rt->rt_gateway); 1087 1088 olladdr = (sdl->sdl_alen) ? 1 : 0; 1089 if (olladdr && lladdr) { 1090 if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen)) 1091 llchange = 1; 1092 else 1093 llchange = 0; 1094 } else 1095 llchange = 0; 1096 1097 /* 1098 * newentry olladdr lladdr llchange (*=record) 1099 * 0 n n -- (1) 1100 * 0 y n -- (2) 1101 * 0 n y -- (3) * STALE 1102 * 0 y y n (4) * 1103 * 0 y y y (5) * STALE 1104 * 1 -- n -- (6) NOSTATE(= PASSIVE) 1105 * 1 -- y -- (7) * STALE 1106 */ 1107 1108 if (llchange) { 1109 char addr[INET6_ADDRSTRLEN]; 1110 log(LOG_INFO, "ndp info overwritten for %s by %s on %s\n", 1111 inet_ntop(AF_INET6, from, addr, sizeof(addr)), 1112 ether_sprintf(lladdr), ifp->if_xname); 1113 } 1114 if (lladdr) { /* (3-5) and (7) */ 1115 /* 1116 * Record source link-layer address 1117 * XXX is it dependent to ifp->if_type? 1118 */ 1119 sdl->sdl_alen = ifp->if_addrlen; 1120 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 1121 } 1122 1123 if (!is_newentry) { 1124 if ((!olladdr && lladdr) || /* (3) */ 1125 (olladdr && lladdr && llchange)) { /* (5) */ 1126 do_update = 1; 1127 newstate = ND6_LLINFO_STALE; 1128 } else /* (1-2,4) */ 1129 do_update = 0; 1130 } else { 1131 do_update = 1; 1132 if (!lladdr) /* (6) */ 1133 newstate = ND6_LLINFO_NOSTATE; 1134 else /* (7) */ 1135 newstate = ND6_LLINFO_STALE; 1136 } 1137 1138 if (do_update) { 1139 /* 1140 * Update the state of the neighbor cache. 1141 */ 1142 ln->ln_state = newstate; 1143 1144 if (ln->ln_state == ND6_LLINFO_STALE) { 1145 /* 1146 * Since nd6_resolve() in ifp->if_output() will cause 1147 * state transition to DELAY and reset the timer, 1148 * we must set the timer now, although it is actually 1149 * meaningless. 1150 */ 1151 nd6_llinfo_settimer(ln, nd6_gctimer); 1152 if_output_mq(ifp, &ln->ln_mq, &ln_hold_total, 1153 rt_key(rt), rt); 1154 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 1155 /* probe right away */ 1156 nd6_llinfo_settimer(ln, 0); 1157 } 1158 } 1159 1160 /* 1161 * ICMP6 type dependent behavior. 1162 * 1163 * NS: clear IsRouter if new entry 1164 * RS: clear IsRouter 1165 * RA: set IsRouter if there's lladdr 1166 * redir: clear IsRouter if new entry 1167 * 1168 * RA case, (1): 1169 * The spec says that we must set IsRouter in the following cases: 1170 * - If lladdr exist, set IsRouter. This means (1-5). 1171 * - If it is old entry (!newentry), set IsRouter. This means (7). 1172 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1173 * A question arises for (1) case. (1) case has no lladdr in the 1174 * neighbor cache, this is similar to (6). 1175 * This case is rare but we figured that we MUST NOT set IsRouter. 1176 * 1177 * newentry olladdr lladdr llchange NS RS RA redir 1178 * D R 1179 * 0 n n -- (1) c ? s 1180 * 0 y n -- (2) c s s 1181 * 0 n y -- (3) c s s 1182 * 0 y y n (4) c s s 1183 * 0 y y y (5) c s s 1184 * 1 -- n -- (6) c c c s 1185 * 1 -- y -- (7) c c s c s 1186 * 1187 * (c=clear s=set) 1188 */ 1189 switch (type & 0xff) { 1190 case ND_NEIGHBOR_SOLICIT: 1191 /* 1192 * New entry must have is_router flag cleared. 1193 */ 1194 if (is_newentry) /* (6-7) */ 1195 ln->ln_router = 0; 1196 break; 1197 case ND_REDIRECT: 1198 /* 1199 * If the icmp is a redirect to a better router, always set the 1200 * is_router flag. Otherwise, if the entry is newly created, 1201 * clear the flag. [RFC 2461, sec 8.3] 1202 */ 1203 if (code == ND_REDIRECT_ROUTER) 1204 ln->ln_router = 1; 1205 else if (is_newentry) /* (6-7) */ 1206 ln->ln_router = 0; 1207 break; 1208 case ND_ROUTER_SOLICIT: 1209 /* 1210 * is_router flag must always be cleared. 1211 */ 1212 ln->ln_router = 0; 1213 break; 1214 case ND_ROUTER_ADVERT: 1215 /* 1216 * Mark an entry with lladdr as a router. 1217 */ 1218 if ((!is_newentry && (olladdr || lladdr)) || /* (2-5) */ 1219 (is_newentry && lladdr)) { /* (7) */ 1220 ln->ln_router = 1; 1221 } 1222 break; 1223 } 1224 1225 rtfree(rt); 1226 } 1227 1228 void 1229 nd6_slowtimo(void *ignored_arg) 1230 { 1231 struct nd_ifinfo *nd6if; 1232 struct ifnet *ifp; 1233 1234 NET_LOCK(); 1235 1236 timeout_add_sec(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL); 1237 1238 TAILQ_FOREACH(ifp, &ifnetlist, if_list) { 1239 nd6if = ifp->if_nd; 1240 if ((nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 1241 /* 1242 * Since reachable time rarely changes by router 1243 * advertisements, we SHOULD insure that a new random 1244 * value gets recomputed at least once every few hours. 1245 * (RFC 2461, 6.3.4) 1246 */ 1247 nd6if->recalctm = ND6_RECALC_REACHTM_INTERVAL; 1248 nd6if->reachable = ND_COMPUTE_RTIME(REACHABLE_TIME); 1249 } 1250 } 1251 NET_UNLOCK(); 1252 } 1253 1254 int 1255 nd6_resolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m, 1256 struct sockaddr *dst, u_char *desten) 1257 { 1258 struct sockaddr_dl *sdl; 1259 struct rtentry *rt; 1260 struct llinfo_nd6 *ln = NULL; 1261 struct in6_addr saddr6; 1262 time_t uptime; 1263 int solicit = 0; 1264 1265 if (m->m_flags & M_MCAST) { 1266 ETHER_MAP_IPV6_MULTICAST(&satosin6(dst)->sin6_addr, desten); 1267 return (0); 1268 } 1269 1270 uptime = getuptime(); 1271 rt = rt_getll(rt0); 1272 1273 if (ISSET(rt->rt_flags, RTF_REJECT) && 1274 (rt->rt_expire == 0 || rt->rt_expire > uptime)) { 1275 m_freem(m); 1276 return (rt == rt0 ? EHOSTDOWN : EHOSTUNREACH); 1277 } 1278 1279 /* 1280 * Address resolution or Neighbor Unreachability Detection 1281 * for the next hop. 1282 * At this point, the destination of the packet must be a unicast 1283 * or an anycast address(i.e. not a multicast). 1284 */ 1285 if (!ISSET(rt->rt_flags, RTF_LLINFO)) { 1286 char addr[INET6_ADDRSTRLEN]; 1287 log(LOG_DEBUG, "%s: %s: route contains no ND information\n", 1288 __func__, inet_ntop(AF_INET6, 1289 &satosin6(rt_key(rt))->sin6_addr, addr, sizeof(addr))); 1290 goto bad; 1291 } 1292 1293 if (rt->rt_gateway->sa_family != AF_LINK) { 1294 printf("%s: something odd happens\n", __func__); 1295 goto bad; 1296 } 1297 1298 KERNEL_LOCK(); 1299 if (!ISSET(rt->rt_flags, RTF_LLINFO)) { 1300 KERNEL_UNLOCK(); 1301 goto bad; 1302 } 1303 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1304 KASSERT(ln != NULL); 1305 1306 /* 1307 * Move this entry to the head of the queue so that it is less likely 1308 * for this entry to be a target of forced garbage collection (see 1309 * nd6_rtrequest()). 1310 */ 1311 mtx_enter(&nd6_mtx); 1312 TAILQ_REMOVE(&nd6_list, ln, ln_list); 1313 TAILQ_INSERT_HEAD(&nd6_list, ln, ln_list); 1314 mtx_leave(&nd6_mtx); 1315 1316 /* 1317 * The first time we send a packet to a neighbor whose entry is 1318 * STALE, we have to change the state to DELAY and set a timer to 1319 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure we do 1320 * neighbor unreachability detection on expiration. 1321 * (RFC 2461 7.3.3) 1322 */ 1323 if (ln->ln_state == ND6_LLINFO_STALE) { 1324 ln->ln_asked = 0; 1325 ln->ln_state = ND6_LLINFO_DELAY; 1326 nd6_llinfo_settimer(ln, nd6_delay); 1327 } 1328 1329 /* 1330 * If the neighbor cache entry has a state other than INCOMPLETE 1331 * (i.e. its link-layer address is already resolved), just 1332 * send the packet. 1333 */ 1334 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) { 1335 KERNEL_UNLOCK(); 1336 1337 sdl = satosdl(rt->rt_gateway); 1338 if (sdl->sdl_alen != ETHER_ADDR_LEN) { 1339 char addr[INET6_ADDRSTRLEN]; 1340 log(LOG_DEBUG, "%s: %s: incorrect nd6 information\n", 1341 __func__, 1342 inet_ntop(AF_INET6, &satosin6(dst)->sin6_addr, 1343 addr, sizeof(addr))); 1344 goto bad; 1345 } 1346 1347 bcopy(LLADDR(sdl), desten, sdl->sdl_alen); 1348 return (0); 1349 } 1350 1351 /* 1352 * There is a neighbor cache entry, but no ethernet address 1353 * response yet. Insert mbuf in hold queue if below limit. 1354 * If above the limit free the queue without queuing the new packet. 1355 */ 1356 if (ln->ln_state == ND6_LLINFO_NOSTATE) 1357 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1358 /* source address of prompting packet is needed by nd6_ns_output() */ 1359 if (m->m_len >= sizeof(struct ip6_hdr)) { 1360 memcpy(&ln->ln_saddr6, &mtod(m, struct ip6_hdr *)->ip6_src, 1361 sizeof(ln->ln_saddr6)); 1362 } 1363 if (atomic_inc_int_nv(&ln_hold_total) <= LN_HOLD_TOTAL) { 1364 if (mq_push(&ln->ln_mq, m) != 0) 1365 atomic_dec_int(&ln_hold_total); 1366 } else { 1367 atomic_sub_int(&ln_hold_total, mq_purge(&ln->ln_mq) + 1); 1368 m_freem(m); 1369 } 1370 1371 /* 1372 * If there has been no NS for the neighbor after entering the 1373 * INCOMPLETE state, send the first solicitation. 1374 */ 1375 if (!ND6_LLINFO_PERMANENT(ln) && ln->ln_asked == 0) { 1376 ln->ln_asked++; 1377 nd6_llinfo_settimer(ln, RETRANS_TIMER / 1000); 1378 saddr6 = ln->ln_saddr6; 1379 solicit = 1; 1380 } 1381 KERNEL_UNLOCK(); 1382 1383 if (solicit) 1384 nd6_ns_output(ifp, NULL, &satosin6(dst)->sin6_addr, &saddr6, 0); 1385 return (EAGAIN); 1386 1387 bad: 1388 m_freem(m); 1389 return (EINVAL); 1390 } 1391 1392 int 1393 nd6_need_cache(struct ifnet *ifp) 1394 { 1395 /* 1396 * RFC2893 says: 1397 * - unidirectional tunnels needs no ND 1398 */ 1399 switch (ifp->if_type) { 1400 case IFT_ETHER: 1401 case IFT_IEEE80211: 1402 case IFT_CARP: 1403 return (1); 1404 default: 1405 return (0); 1406 } 1407 } 1408